The Payment Card Industry (PCI) is governed by a security council that ensures any business in the PCI maintains a secure environment for cardholders. While the PCI council develops the standards that merchants must closely follow, it is the payment brands that enforce PCI compliance. These standards are applied to any merchant or business that accepts, stores, and transmits any cardholder data.
What Is PCI
The Payment Card Industry (PCI) denotes the organizations that process, store, and transmit cardholder data, such as credit and debit cards. The Payment Card Industry Security Standards Council develops standards to be used by the industry. The Payment Card Industry Data Security Standards (PCI DSS) are applied to major card companies such as Visa, MasterCard, American Express, Discover, and JCB. These standards are developed to increase the control of cardholder data in an effort to decrease credit card fraud.
How PCI Standards are Determined
There are four levels of PCI compliance and merchants fall into each level based off the amount of Visa transactions in a 12 month period. These transactions include credit, debit, and prepaid cards. Visa defines merchant levels as follows:
- Level 1 – Any merchants that process over 6 million Visa transactions per year fall into the first level of compliance.
- Level 2 – Level 2 consists of any merchant that process 1 to 6 million transactions per year, regardless of acceptance channel.
- Level 3 – Merchants that process 20,000 to 1 million e-commerce transactions per year fall into level 3.
- Level 4 – Level 4 includes all merchants that process less than 20,000 e-commerce transactions per year OR process up to 1 million transactions per year, regardless of acceptance channel.
If a merchant experiences a hack wherein account data was compromised, they may be placed into a higher level.
As stated, any merchant or organization that accepts and transmits cardholder data falls into PCI regulations. Whether transactions are done over the phone or a merchant uses a third party processor, merchants must comply to PCI standards. Therefore, the exceptions of PCI compliance are non-existent.
How CardPRO Systems Can Help
Though merchants using, third-party processors are not excluded from complying with PCI DSS, such merchants may cut down on risk exposure and reduce necessary validation compliance as a result. That’s where we come in. CardPRO Systems is your answer to safe and secure transactions, with guaranteed PCI compliance! With no startup fees and no commitment, using our services is as simple as it gets. Contact us today or easily set up an account to start accepting payments tomorrow!