Compliance – defined
It’s about standards. They apply any time an organization accepts, transmits or stores any cardholder data, regardless of size or number of transactions. Yes, that means any time you accept cards as a form of payment. This includes pre-paid cards, debit cards, taking cards over the phone, and ecommerce.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of universally accepted standards that help protect the safety of customer data (and the integrity of your business). These standards include both operational and technical requirements. You can find the standards on the PCI Security Standards Council website.
You need to know your exposure to penalties for non-compliance. The acquiring bank may be fined $5,000 to $100,000 per month for PCI compliance violations. This fine is often passed along and lands on the merchant. As a result, either your bank relationship will be terminated or you will experience increased transaction fees.
Your merchant account agreement should outline your exposure.
One approach does not fit all. See how to approach payments for your business.