PCI compliance refers to meeting the requirements of the Payment Card Industry Data Security Standard (PCI DSS), the standard maintained by the PCI Security Standards Council for protecting cardholder data. It is a contractual obligation imposed through the card brands and your acquiring bank rather than a law in itself, but businesses that fail to comply can face fines, increased liability for breach costs, and loss of the ability to accept card payments.
The PCI Security Standards Council's site groups the PCI DSS requirements under six control objectives that apply to every business that stores, processes or transmits cardholder data: [1]
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Each of these objectives applies to whoever actually stores, processes or transmits the card data. If your processor handles the card data end to end, then it is the processor that builds and maintains that network, protects the cardholder data, runs the vulnerability management program, implements the access controls, and monitors and tests its own networks.
That said, you are never entirely out of scope. You remain responsible for ensuring that the way your own business handles cardholder data, from the point-of-sale terminal or payment page to any record you keep, is PCI compliant, and for confirming (typically through the self-assessment questionnaire your acquirer requires) that your environment meets the requirements that apply to it. Your responsibility grows with the amount of cardholder data your processor shares with you. Many processors share none at all: they store the card data on their own systems and give you only limited views of it through analytics reports, which keeps that data off your systems, shrinks your compliance scope and lets the processor shoulder the bulk of the security burden.
So, before you start accepting card payments, ask your processing provider exactly which PCI compliance obligations it expects your business to meet and which it covers on your behalf.