The Payment Card Industry Data Security Standard (PCI DSS) has provided the gold standard for payment processing security since it was implemented in 2006. Of course, technology and data theft have evolved over time, so the standard has moved to keep up. As you look at compliance in 2020, you need to keep up as well. The following are aspects of the PCI DSS that you need to know for your business.
This Is Not Optional
Ensuring PCI DSS compliance can be expensive and time-consuming. Unfortunately, this is not an optional standard for your business. To process payments on an eCommerce or on-site platform, you need to establish compliance. This protects you and your customers; the standard ensures that you have set up a level of security to help prevent data theft and loss through your operations. Further, if you are not compliant, you face fines and loss of the ability to process card transactions. You need PCI DSS compliance.
Know Your Level
The standard comes at four levels, depending on the number of transactions your business runs annually:
- Level 4 - under 20,000 eCommerce transactions, or up to one million total transactions
- Level 3 - 20,001-1,000,000 eCommerce transactions
- Level 2 - 1,000,001-6,000,000 total transactions
- Level 1 - 6,000,001+ total transactions
The level of security you need to meet the standard increases as your level number goes down. Understanding your business helps you know the level you must achieve. This represents your minimum security needs, and if you are looking to grow, setting your sights higher is usually the best approach.
Compliance Is a Process
Data security is not an end goal for your business. Instead, you need to assess what you have in place, early and often. From here, any deficiencies that you identify should be addressed immediately. Develop, implement, and execute a remediation plan. Report your findings and your remediation efforts to the banks and processing agents you work with. Then, continue to monitor and improve your operations to ensure that you not only remain in compliance but also stay on top of additional security concerns and incidents that arise. Your security efforts are never done while you remain in business.
The Right Partner Matters
On top of everything else your business demands of you, your PCI DSS compliance can feel like a lot. Fortunately, the strongest payment processing partners will help you stay on top of your compliance needs. Rather than play the continuous game of catch-up without help, make sure your payments partner maintains PCI DSS compliance standards in its operations. If you work together to maintain compliance, you can keep your business running efficiently and securely.
Nuvei's Partner Learning Center can help improve your knowledge of PCI Compliance and other aspects of the merchant services industry.