Any business that processes credit card payments must comply with PCI standards and practices. These standards are detailed in a document called the Payment Card Industry Data Security Standard (PCI DSS). The exact standards your business must follow depend on its size. There are four levels of business classification that the PCI assigns based on the number of transactions a business makes.
- Level 4: Fewer than 20,000 card transactions per year
- Level 3: Between 20,000 and 1 million card transactions per year
- Level 2: Between 1 and 6 million card transactions per year
- Level 1: Over 6 million card transactions per year
While all legitimate processing providers are required to offer PCI-compliant services, it’s still worth investigating the PCI standards for yourself, as any noncompliance can lead to legal action. Ask your processing provider how your business can uphold its end of the PCI compliance standard.
PCI compliance is complicated if your business handles it alone. Luckily, most processing companies handle credit card processing, transaction history, and credit card detail storage for you.
Certain processing providers, Square for example, don’t share detailed card and customer information with businesses directly. Because of this, Square takes on most of the PCI burden. That’s why a business can order a free Square reader and immediately start processing cards without much fuss.
The easiest course of action is to find a processor, like Square, that takes on the burden of compliance. Most processors do just that, but it's always good to ask.