Build Your Business:

How PCI Compliance Can Help Your Business

February 4, 2013

I get calls daily about this topic, which centers on the regulations that all merchants who accept credit card transactions must follow to ensure they’re best protecting their customers’ credit card data. While these standards have been in place since 2005, information about PCI often comes as a surprise to business owners because their current providers are simply charging them for it, but not taking the steps to get them certified as compliant.

On one hand, some business owners say they feel invincible and that these data infractions could never happen to them. Their eagerness to speed ahead to the next thing often leaves them wanting to skip the critical steps that ensure they’re up to standard and protected from serious liability. This mindset — coupled with an oftentimes healthy handle on technology — makes for a dangerous cocktail of not listening to the experts on what is necessary to protect themselves, their business and their clients.

There also exists the juxtaposition of the business owners who fight this requirement out of a fear of change or because they’ve “never heard of it before.” Please do not fall into this category. Just because it’s not familiar to you does not mean it’s not critical or a requirement.

With the advent of mobile processing via smartphones and tablets, and the ever-increasing world of online retail, these concerns simply compound as it becomes increasingly easy to hack into this sensitive data. Our American payment processing systems still lag behind Asia, and even Europe, as far as payment technologies are concerned (think cell phone tap-to-pay technologies, restaurant tableside payments, chip card terminals, etc.), and the hope is that catching up will create a more secure environment for everyone involved.

But, apart from the cost to merchants and the massive roll-out efforts that will need to happen, it will take continued education and open-mindedness by business owners to recognize the gravity of credit card security, as well as the large possible penalties for breaches (maximums around $250,000 per breach, per month). These penalties can be paralyzing to most businesses.

The PCI Compliance Process

For most businesses, becoming PCI compliant is not a tedious process. Rather, it requires completion of an annual self-assessment questionnaire (SAQ), which typically comes with assistance from the PCI vendor. If you use Internet connectivity to take your payments (IP terminal, virtual terminal or POS), you are required to have quarterly or monthly scans of your system, which are completed automatically. If you use dial technology for a terminal, this step is not required (successful completion of the SAQ is the sole requirement). If you’re using mobile technologies, there currently are no additional scan requirements. However, the SAQ soon will more accurately reflect questions for this type of payment platform.

Many ask about the cost of becoming PCI compliant. Costs vary, but they should be no more than about $10 per month for each merchant account. Be wary of providers who do not mention PCI compliance or say there is no cost for it. You should pay for this service so that you can go through the necessary steps to be certified as compliant on an annual basis. This generally also gives you some security breach insurance, so that if a data breach occurs, you have some protection.

In an economic climate where every dollar counts, owners of businesses that accept credit card payments should first review what is being paid on transactions, as well as monthly and annual costs. Next, ask your existing or new provider how they handle PCI compliance, and be sure you’re taken through the proper steps to be certified as compliant rather than simply being charged each month to pay off penalties.

Educate yourself via the official website on PCI or through an expert so you have a comfort level regarding the security of your transactions. I guarantee it’s worth 30 minutes of your time to address these matters, while also ensuring your company is paying the lowest fees possible while protecting your customers’ credit card data.

Darrah Brustein is co-founder of Equitable Payments, an Atlanta- and Austin, Texas-based merchant services brokerage and is a networking and business development expert. She worked in the wholesale apparel business before transitioning into credit card processing. For more information or to comment on this article, email Darrah at