The short answer to whether you should become PCI compliant is: absolutely yes!
Answering the PCI SAQ Questionnaire and getting the quarterly ASV scans can be tedious, and let’s face it, not all of us are IT professionals. Even so, the questionnaire can help you understand how to keep your business safe from an intrusion. The good news is that you don’t have to achieve PCI Compliance alone. If you get stuck on any of the SAQ questions or have trouble scanning your computers, many PCI Compliance companies can walk you through the entire process of getting compliant, either by phone or live chat.
Here are a few reasons among many as to why you should take the PCI SAQ Questionnaire and complete it along with the quarterly ASV scans:
The Card Brands (Visa/MasterCard/Discover/Amex) require it. They want every merchant to get used to this compliance process so that businesses store information correctly and check their systems on a quarterly basis.
It can save you from a breach, which could cause massive fines, and it saves you from having to hire a forensic team to find out where the breach occurred. In my 14+ years in this industry, I have seen many small businesses get breached, and it’s always costly and always unexpected. Years ago, a client of mine had a Secret Service Agent show up at her restaurant to tell her that her business had been identified as a CPP (Common Point of Purchase), where cardholders who had dined at her restaurant were having their credit/debit cards breached.
The monthly or quarterly PCI program fee that many processors charge can be reduced if you get compliant. For example, your processor might charge you $10.00 a month if you don’t get compliant but if you do achieve compliance, they will reduce it to $7.00 a month.
By getting compliant, you can also avoid monthly and/or annual non-compliance fees that can be added to your merchant account after 3 to 6 months. I have seen non-compliance fees as high as $60 a month and $130 a year, so this can get very expensive for your business.
As of the writing of this blog, the Card Brands (Visa/MC/Discover/Amex) do not charge a penalty if you don’t get compliant, but the expectation in the industry is that they may start charging a penalty to the processor. This penalty would then be passed on to business owners who are not achieving compliance. It’s better to do your compliance now instead of waiting until you are penalized down the road.
There are two ways to achieve compliance with your credit card processor:
1. Go to the email that your processor sent you regarding getting compliant. Many processors use companies like Control Scan, Security Metrics, and Trustwave to manage their PCI Compliance programs. You would have received this email shortly after setting up your merchant account. If you have never received an email from your processor, it’s always best to call them and see if they can send the email again.
2. Most processors allow you to provide your compliance certificate from a previous processor’s PCI Compliance program. No one wants to redo their work and fill out the same questions again if they’ve already completed them. Get a copy of your PCI certificate and provide it to your processor. Keep in mind that these certificates are only good for one (1) year, so you will need to re-certify when that year has expired.
At Ark Payment Solutions, we are always happy to answer any questions you may have about PCI Compliance. Filling out the SAQ Questionnaire and getting quarterly scans are a good start but there are other ways that you can protect your business from intrusions. Feel free to email us at info@arkpaymentsolutions.com or call us at 702-257-8295. We would be happy to give you more information or you can have us do a detailed statement analysis for you!