What is PCI Compliance?

Posted by Karen Erdelac on Mar 21, 2016

PCI ComplianceMany Quikstone Capital Solutions customers are very conscious of the costs required to run their businesses. We welcome the questions that our customers ask us regarding the costs associated with their processing accounts. Many of the questions we receive involve the costs of PCI compliance.

Let’s talk about what PCI compliance means. PCI stands for Payment Card Industry and is a security standard established by the organization known as the PCI Standards Council. This organization’s membership includes MasterCard, Visa, American Express, Discover Financial Services and JCB International along with some other strategic members. The stated purpose of the PCI standards is “to develop, enhance, disseminate and assist with the understanding of security standards for payment account security.”

What do the security standards mean to the average merchant?

According to the PCI standards Council the regulations have two goals. 

  1. Helping merchants and financial institutions understand and implement standards for security policies, technologies and ongoing processes that protect their payment systems from breaches and theft of cardholder data.

  2. Helping vendors understand and implement standards for creating secure payment solutions.

More information regarding PCI compliance standards can be found on the organization’s website which is www.pcisecuritystandards.org.

In order to become PCI compliant the merchant must complete an “SAQ,” which is a Self-Assessment Questionnaire.  The merchant must complete this questionnaire to become compliant whether the merchant uses terminals or a POS system. A Sterling representative can help you with this if needed. 

If a merchant is using a POS system, in order to become PCI compliant the merchant will need to have a system scan completed by a third party vendor used by Sterling Payment Technologies – Trustwave - along with completion of the SAQ. There is a link to Trustwave also located on the Sterling Payment Technology at www.sterlingpayment.com or you can go directly to Trustwave’s website at https://www.trustwave.com  Trustwave provides merchants support regarding PCI compliance if requested.

What is PCI ComplianceMerchants ask us why they are required to be PCI compliant if they do not store any cardholder data. Many feel they are not at risk of being compromised by a hacker for this reason.

Simply put, any merchant who processes credit cards is at risk of a data compromise. If a merchant’s data  is compromised and they are not PCI compliant,  the merchant can be subject to large fines imposed by the card brands. These fines and penalties are often assessed even if no breach occurred. A merchant who is compliant may still incur a fine if they are breached, but most likely the fines would be minimized. We have seen many of these fines exceed $5,000 and sometimes contributing to merchants being forced out of business.

Additionally, Sterling Payment Technology (along with the majority of all credit card processors) charges merchants that are not PCI compliant with a monthly non-compliance fee. Processors charge these fees in an attempt to offset the risk of having a merchant who is non-compliant, accessing their network.

The benefit of being PCI compliant in many ways is similar to having car insurance.

When you have car insurance you hope to never have a claim and you drive safely, obey the regulations and driving laws. But, if an accident occurs, your insurance is the safety net that helps pay for the damages and sometimes total replacement costs of your vehicle. Also, just as auto insurance prevents motorist from having their driver’s licenses suspended in most states and being subject to fines and penalties, being PCI compliant protects a merchant from being subject to fines and costs for non-compliance. 

We all live in a world that increasingly relies on technology and technology can be compromised by bad people. The goal of PCI compliance is to protect good people from being preyed upon by bad people who want to steal information for financial gain. Today, PCI compliance is fact of life that anyone who accepts credit cards has to face. Quikstone Capital Solutions supports its customers in any way possible to insure their success whether that help involves providing working capital or helping that merchant through the process of becoming PCI complaint. We, at Quikstone Capital Solutions, are there as your partner to help insure your success.

Do you need cash to buy a new system? Quikstone Capital Solutions provides cash for businesses. A merchant cash advance from Quikstone Capital Solutions is a business loan alternative that can help your business thrive and prosper. 

There are options available that will not only help you be PCI compliant but also assist you with other day to day functions of your business such as inventory management, sales reporting, etc.  Quikstone Capital Solutions can help get the cash you need! Click on the button below for a consultation on available options.

 Apply Now


Topics: About us, PCI compliance