If you handle credit card information, do it right or risk going out of business.
With more consumers making purchases online, it is more important than ever for businesses to provide a secure environment for online credit card transactions. To ensure that customers' card data is kept safe, the Payment Card Industry Data Security Standard (PCI DSS) lists a set of requirements that apply to any business that stores, processes or transmits cardholder data, whether it takes a handful of card payments or millions.
PCI DSS applies to every organization or merchant that accepts, transmits or stores cardholder data. Put simply, if your customers ever pay you with a credit or debit card, the PCI DSS requirements apply. There are two basic options for providing customers with a secure environment for online credit card payments:
Do It Yourself
Some companies, such as the multibillion-dollar international e-commerce site Amazon, run their own infrastructure for encrypting and storing cardholder data. With this option, you must understand and follow the 12 requirements laid out in the PCI DSS. With technical specifications, guidance and jargon for each requirement, the standard runs to many pages and is not easy to follow. Among other things, businesses must build and maintain a secure network (including a properly configured firewall and anti-malware software), protect stored cardholder data with strong cryptography, never retain sensitive authentication data such as the card verification code after a transaction is authorized, and validate compliance every year, through a self-assessment questionnaire or, for the largest merchants, an on-site assessment by a qualified assessor. And that is just a few of the requirements. PCI DSS compliance can be a significant operational, financial and technical burden, and doing it yourself usually only makes sense for large companies that process tens or hundreds of thousands of card transactions per day.
Use a Payment Processor
A third-party payment provider, such as PayPal or Authorize.net, serves as a secure bridge between your customers' card details and your business's bank account. Through a service that integrates easily with your website, payment providers let customers pay online in a secure environment. Because they run transactions in a PCI-compliant manner, payment providers can store and encrypt your customers' card data on your behalf and hand you back a token to use for repeat charges, saving you the hassle, time, money and resources of doing it yourself. Be aware that this reduces your PCI DSS scope rather than removing it: you are still responsible for the payment page or redirect on your own site, you still validate compliance each year (typically with a much shorter self-assessment questionnaire), and you must make sure full card numbers never end up in your own databases, logs or backups.
If you plan to store card information for repeat transactions, ignoring the PCI DSS requirements is a huge risk. What happens if you are hacked? Or if a disgruntled employee decides to moonlight as an identity broker on the black market? You will face a legal and financial mess, loss of customer goodwill, brand damage, fines and penalties from the card brands, your acquiring bank and regulators, and perhaps the end of your company.
In short, keep your customers' card data safe by becoming and staying PCI DSS compliant, or run the risk of legal battles and losing your business.