Is your company at risk from a breach?

PCI Compliance Facts

One of the things that every business owner must know is the set of PCI compliance facts. As a part of accepting credit cards, every employee in the business must be properly trained on how to handle credit card data and related customer information, and all of this must be done in a secure manner.

What Does PCI Compliant Even Mean?

PCI = Payment Card Industry

To be compliant means that you follow the industry standards when handling, processing, and storing credit card data.

The PCI Council is a global organization made up of the largest bankcard brands (like Visa and MasterCard) and other worldwide financial institutions. They are focused on maintaining the safety and security of payments both in the US and internationally. Every business in the world must agree to follow the rules when accepting credit card payments.

Let’s run through the facts and test your knowledge.

True or False?

You need an annual PCI compliance scan.

True. The Payment Card Industry Council, aka the PCI Council, oversees education, sets the standards, and provides the processes that businesses must follow to remain compliant. Annually, companies must go through an internal audit and complete the necessary reporting to share their in-house practices and prove that they are following the PCI compliance standards.

Employees can share a single user ID to access the system.

False – Always have a unique user ID for each employee. They should log out when they are no longer using the system, even for a few minutes.

It is ok to write down your username or password for the system as long as you keep it in a safe location.

False – you should not write down usernames or passwords. Doing so allows someone who may not be authorized to log in.

You should always verify the customer – even when you know their voice.

True – make sure the person is an authorized account holder. Ask for their name, the zip code (and if your system requires it, the billing address) and CVV code.

We record all calls as a matter of policy, so it is okay to record a customer as they pay an invoice.

False – Prior to having the customer share their credit card details, turn off call recording to prevent the recording of sensitive information.

We allow text to pay – customers can text us their credit card info.

False – Never allow a customer to text their credit card information. Use the Text2Pay system to securely accept text payments.

We can keep a photocopy of the card in the locked client records cabinet.

False – Your POS system must be set up to encrypt the data using the most current PCI security protocols. Never photocopy, take a picture of, or write down credit card numbers. This is one of the core PCI compliance facts and has been in place for nearly two decades.

TransAct will help me with a PCI non-compliance alert.

True – We proactively work with our clients to help resolve compliance issues.

How did you do? (If you got even one answer wrong, you might want to go over this with us again.) Would you like a refresher? We can help. If you think you might be drifting away from the right processes, just reach out.

Schedule a call to review all of the critical steps that can help you and your staff to maintain PCI compliance. Everyone in the company must work to make sure all security practices are in place.