June 13, 2013
USB is PCI compliant. Are you? PCI, the Payment Card Industry, has a list of standards for companies that process, conduct or keep any credit card data to guarantee that the information they possess is secure in an environment that is not easily hacked. USB Payment Processing always confirms the safety of its consumers first before any transaction is made.
According to http://www.pcicomplianceguide.org, the Security Standards Council (PCI SSC) first came about in September of 2006; this council was to focus on improving account security. The committee was created by major card brands, such as Visa, MasterCard, and American Express, in order to manage the PCI DSS (www.pcisecuritystandards.org). The payment brands are those who enforce the compliance, not the council.
In order to be PCI compliant, a company must follow these particular standards that were created to protect all card information, both before and after a transaction. All card brands require this compliance.
These PCI standards apply to any merchant, whether big or small, that transmits any card data.
A company can be SSL certified, but that does not mean they are compliant. This type of certificate provides customer security to a certain degree, but it does not secure the server from malicious attacks. To be PCI compliant there are several other steps that must be taken.
Noncompliance leads to a handful of repercussions. It is up to the discretion of the payment brands when fines are given. The brand may fine an acquiring bank up to $100,000 per month for compliance violations. The bank will then pass this fine on to the merchant. After that, it is likely that the bank will also cease doing business with that merchant, or at the least increase fees. Penalties such as these can be disastrous to small businesses. In order to avoid this, it is advised to be familiar with the merchant account agreement, which will summarize exposure.
The information that needs to be protected is any personal data connected to the cardholder. This data includes account numbers, expiration dates, address, social security card, etc. Any information that is stored, processed, or transmitted can also be thought of as cardholder data and must be secured.
USB Payment Processing’s PCI program offers services that help merchants not only become but also stay compliant, even when the PCI DSS standards change. USB is a certified PCI compliant company and adheres to the PCI DSS. Visit http://www.usbne.com/services/pcicompliance/ to learn more about USB’s PCI compliance process.
To learn more about USB or see how we are involved, visit our blog page to see our latest updates.
Statistics from http://www.statisticbrain.com show that over 10% of Americans have fallen victim to credit card fraud. Roughly 40% of this fraud is due to lack of PCI compliance among merchants. For example, up to 1.5 million MasterCard and Visa cards were compromised in a current data breach of payment processor Global Payments Inc. The result of this was cancelling and reissuing cards for customers. MasterCard and Visa are attempting to comfort cardholders and assure them that the counterfeit charges are not their responsibility to handle. Instances such as this prove that noncompliance is extremely problematic for companies both big and small.
For more information feel free to contact us at 410 828 4286.