If you are the owner and operator of a small to medium home business who is looking to start accepting credit cards, then you need to know the rules about accepting credit cards as a form of payment. Even though you may consider yourself to be in a different category compared to major retailers, the rules are that even if you accept 1-2 credit card payments over the phone per year you must comply with the industry standards. Not being compliant with the industry standards set out by the PCI DSS will get you into hot water, so please take notice of the following information.
With so many credit card payments floating around the internet at any given time, security is a concern for everyone. Credit card fraud and identity theft were becoming major concerns, and so a group of five of the biggest credit card companies came together to form the PCI DSS, which stands for Payment Card Industry Security Standards Council. The council was started to set up a system of security standards that each vendor accepting credit cards as a form of payment must comply with. This was a way of ensuring the protection of people's credit card information.
The businesses are accountable to the various credit card companies and financial institutions, but it is the PCI DSS that is responsible for providing new countermeasures to protect people from new online threats. They are just a security council that identifies weaknesses and gives means of solving the problems. However, you still have an obligation to be compliant with them or face the consequences.
Basically, even if you only accept payments via phone you still have to be granted permission by the PCI DSS and meet their requirements to continue operations. You will first have to fill out several questionnaires and go through a vulnerability scan to identify possible threats to your operation. Your business will then be assessed to see which level of classification your business falls into.
Here is a list of the levels:
● Level 1: A business that accepts over 6 million credit card payments per year. Payment can be by any means (phone, in person, online).
● Level 2: A business that accepts 1-6 million transactions per year, regardless of method.
● Level 3: Businesses with 20,000 to 1 million transactions per year.
● Level 4: Any business with fewer than 20,000 transactions per year.
Once you have satisfied the requirements of the PCI DSS you are fully operational to accept all kinds of credit card payments; however, you still need to make sure that all compliance standards continue to be met. There can be disastrous fines for companies that fall out of line, ranging from $5000-$100,000 per month. This is absolutely crippling, and the fine is sent to your bank, which then charges you. After which, your bank may decide to cut business relations with you or may retaliate by drastically inflating your current banking fees.
Conclusion
When starting a business there are many things to consider, and when it comes to accepting credit cards online it will pay to be especially careful. Knowing the rules and regulations regarding PCI DSS compliance will help you preserve your business and will pay off down the road.