Tuesday, March 9, 2010
Is PCI DSS Compliance a Law? If not, why should I care?
PCI compliance is NOT a law. The PCI DSS is a set of data security requirements that the payment card industry (you know, Visa, MasterCard, American Express, Discover and JCB) put together to tighten the reins on credit card fraud by imposing those requirements on the merchants that accept cards and on the acquiring banks that provide their merchant accounts.
You see, a few years back these big boys got together and said "We are sick and tired of eating it on all these fraudulent charges... it's costing us BILLIONS! I know, let's pass the onus onto the banks and merchants who are going around willy-nilly without using proper security in the first place." They all agreed this was a bang-up idea, and so on September 7, 2006 the Payment Card Industry Security Standards Council (PCI SSC) was born.
Since that time ALL companies that process, store or transmit cardholder data have been required to maintain a secure environment. The payment brands and acquirers, not the PCI SSC, are responsible for enforcing compliance, and if you haven't heard from your acquiring bank yet, you soon shall.
A copy of the PCI DSS is available from the PCI Security Standards Council.
Think of it this way: being able to take credit cards for payment is NOT a right, it IS a privilege that the payment card industry giveth or taketh away. It's like when you walk into a store that has a sign that reads "No Shirt, No Shoes, NO SERVICE!" That means they require their customers to come in with footwear and a covered torso.
They reserve the right to NOT do business with you based on this rule. It is the proprietor's store and those are the rules; if they don't want to look at your bare feet and whatever tattoo you may be sporting on your latissimus dorsi, they can toss you out... PERIOD.
So it goes with PCI compliance: if you want to play ball (do business) with these guys on their playing field, you need to follow THEIR rules, or they will simply take their ball and go home.
Now for goodness' sake, put your dang clothes on and get your business validated as PCI DSS compliant...