Did you know there's a strong correlation between a lack of full PCI compliance and a higher likelihood of sustaining a data breach that compromises valuable payment-card information? It's true.
The Verizon 2015 PCI Compliance Report found that, on average, businesses that sustained a data breach were 36 percent less likely to be compliant with any given one of the standard's 12 requirements.
First published more than 10 years ago, the Payment Card Industry Data Security Standard (PCI DSS) is mandated by the global card brands, including Visa, MasterCard, American Express, Discover, and JCB International, and is maintained by the PCI Security Standards Council they founded. When talking about meeting this standard, most people simply say "PCI compliance."
But many merchants lack even a baseline knowledge when discussing this important business security regulation. So here's a short refresher on exactly what PCI compliance is.
What is PCI compliance?
For organizations that process, store, or transmit cardholder data, the PCI DSS sets the requirements for maintaining a secure environment. Meeting it usually comes down to three recurring steps:
- Assessment. Identify everywhere cardholder data enters, flows through, or comes to rest; inventory every IT asset and process involved in payment-card processing; and find the vulnerabilities in those systems that could expose the data.
- Remediation. Fix the vulnerabilities found, and wherever the business process allows, stop storing cardholder data at all. PCI DSS forbids storing sensitive authentication data (full track data, card verification codes, PINs) after authorization, and any primary account number that must be kept has to be rendered unreadable.
- Reporting. Submit the required validation documents to the acquiring bank (and, where requested, the card brands): a Self-Assessment Questionnaire or a Report on Compliance, the Attestation of Compliance, and quarterly external vulnerability scans by an Approved Scanning Vendor, along with evidence that any remediation was carried out.
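The assessment step (finding where cardholder data actually lives) and the remediation step (not keeping it) are where a practitioner usually starts with a discovery scan. The following is an added example, not code from the original article or from Ingram Micro: a small Python scanner that pulls candidate card numbers out of text such as application logs, keeps only those that pass the Luhn check, and rewrites them in masked form. The log lines, field names, and function names are constructed for this example; the card numbers are widely published test numbers plus two deliberate non-card digit runs.

```python
import re

# Constructed sample log, not taken from any real system. Three entries are
# widely published test card numbers; the other two digit runs are decoys
# that a naive "16 digits" grep would flag but that fail the Luhn check.
SAMPLE_LOG = """\
2015-03-01 10:02:11 order=1001 pan=4111111111111111 status=approved
2015-03-01 10:02:12 order=1002 pan=4111 1111 1111 1112 status=declined
2015-03-01 10:03:40 order=1003 card=5555-5555-5555-4444 status=approved
2015-03-01 10:05:00 order=1004 ref=1234567890123456 status=approved
2015-03-01 10:06:00 order=1005 amex=378282246310005 status=approved
"""

# A candidate PAN: 13 to 19 digits, optionally separated by single spaces
# or hyphens, not embedded in a longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check. Every real PAN passes it; most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(raw: str) -> str:
    return re.sub(r"[ -]", "", raw)


def find_pans(text: str) -> list:
    """Return every Luhn-valid candidate PAN with the line number it appeared on."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE_RE.finditer(line):
            digits = _digits_only(m.group(0))
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                findings.append({"line": line_no, "raw": m.group(0), "pan": digits})
    return findings


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, the most PCI DSS v3 allows to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub(text: str):
    """Replace every Luhn-valid PAN in text with its masked form; return (text, findings)."""
    findings = find_pans(text)

    def _repl(m):
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)   # not a card number: leave it untouched

    return CANDIDATE_RE.sub(_repl, text), findings


if __name__ == "__main__":
    scrubbed, hits = scrub(SAMPLE_LOG)
    for h in hits:
        print(f"line {h['line']}: {h['raw']} -> {mask_pan(h['pan'])}")
    print(scrubbed)
```

The Luhn filter is what separates a usable discovery scan from one that drowns in false positives; order numbers, timestamps, and reference IDs rarely pass it. The candidate pattern still treats any two digit runs joined by a single space or hyphen as one number, so on real logs with adjacent numeric fields you may need a tighter delimiter rule, and a hit on a line like the first one is exactly the "system that stores cardholder data" the assessment step is meant to surface.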
Each card brand defines its own merchant levels; in the Visa scheme most people cite, merchants fall into one of four levels based on the number of Visa transactions processed each year, and the level determines how compliance must be validated (an annual on-site assessment for Level 1, a self-assessment questionnaire for the lower levels).
Why PCI compliance is important to value-added resellers
As a value-added reseller (VAR), you might be wondering why you should be worried about PCI compliance at all. If one of your clients runs into trouble with card data security, it is the merchant, not you, who is on the hook.
But avoiding the subject of PCI compliance with your customers is shortsighted. Here's why.
Building a successful VAR business means creating strong ties with your customers over time. That includes serving as a trusted partner, helping clients select and install secure business systems, and offering assistance when things go wrong.
Your first contact with a potential client is the perfect time to help that merchant understand why complying with PCI regulations lays the foundation for safe and secure payment processing. When you frame PCI compliance in a more positive light, your customers benefit from higher levels of system security, a stronger reputation with acquirers and card brands, and increased customer trust.
You can also remind clients that non-compliance with PCI DSS can lead to fines, higher transaction fees, and even termination of payment processing services. It is not a topic to sidestep.
So look for opportunities to introduce the basics of PCI compliance in your conversations with clients. Maintaining a PCI-compliant environment for payment processing means secure point-of-sale hardware and software, a segmented and firewalled network that keeps card data away from everything else, encrypted and properly configured wireless, strong authentication and access control, and logging that shows who touched cardholder data and when.
If you still have questions about PCI DSS—and you probably will—don't hesitate to contact Ingram Micro's in-house experts for answers and help with your toughest client challenges.
How are you bringing PCI compliance into your client conversations?