If you are the owner and operator of a small to medium home business and are looking to start accepting credit cards, you need to know the rules about accepting credit cards as a form of payment. Even though you may consider yourself to be in a different category from major retailers, the rules are that even if you accept only 1-2 credit card payments over the phone per year, you must comply with the industry standards. Not being compliant with the industry standards set out by the PCI DSS will get you into hot water, so please take notice of the following information.
With so many credit card payments floating around the internet at any given time, security is a concern for everyone. Credit card fraud and identity theft were becoming major concerns, so a group of five of the biggest credit card companies came together to form the PCI DSS, which stands for Payment Card Industry Security Standards Council. The council was started to set up a system of security standards that each vendor accepting credit cards as a form of payment must comply with. This was a way of ensuring the protection of people's credit card information.
Businesses are accountable to the various credit card companies and financial institutions, but it is the PCI DSS that is responsible for providing new countermeasures to protect people from new online threats. It is just a security council that identifies weaknesses and gives means of solving the problems. However, you still have an obligation to be compliant with it or face the consequences.
Basically, even if you only accept payments via phone, you still have to be granted permission by the PCI DSS and meet their requirements to continue operations. You will first have to fill out several questionnaires and go through a vulnerability scan to identify possible threats to your operation. Your business will then be assessed to see which level of classification it falls into.
Here is a list of the levels:
● Level 1: Businesses that accept over 6 million credit card payments per year. Payment can be by any means (phone, in person, online).
● Level 2: Businesses that accept 1-6 million transactions per year, regardless of method.
● Level 3: Businesses with 20,000 to 1 million transactions per year.
● Level 4: Any business with fewer than 20,000 transactions.
Once you have satisfied the requirements of the PCI DSS, you are fully operational to accept all kinds of credit card payments; however, you still need to make sure that all compliance standards continue to be met. There can be disastrous fines for companies that fall out of line, ranging from $5000-$100,000 per month. This is absolutely crippling, and the fine is sent to your bank, which then charges you. After that, your bank may decide to cut business relations with you or may retaliate by drastically inflating your current banking fees.
When starting a business there are many things to consider, and when it comes to accepting credit cards online it will pay to be especially careful. Knowing the rules and regulations regarding PCI DSS compliance will help you preserve your business and will pay off down the road.