Last Updated April 2023
Do you know what it means if your payment processor has told you they maintain most of the burden for PCI DSS compliance? Does this change the rules your business must follow or what PCI DSS compliance means to you?
While a PCI compliant processor might offer features that ease merchant responsibility, you are still expected to take steps to maintain PCI compliance when processing credit cards.
Here are the ways a Level 1 PCI compliant processor like PDCflow makes compliance easier for you and what additional steps your business is expected to take.
What Does PCI Compliance Mean?
PCI stands for Payment Card Industry, and PCI DSS is the Payment Card Industry Data Security Standard. PCI compliance means adhering to the requirements the PCI Security Standards Council publishes to keep a consumer's card data safe when they pay with a card.
Because it is important to keep consumer data secure, every merchant that accepts cards must meet the standard and validate that it does so, although how much validation work is involved varies.
The four merchant levels are assigned by the card brands (not by the PCI Security Standards Council) based on the number of transactions your business processes per year and how those transactions are processed. A merchant that has suffered a breach can also be assigned to Level 1 regardless of volume.
The more you process, the more rigorous your validation must be to show you are keeping Primary Account Numbers (PANs) secure, along with cardholder names, expiration dates and service codes. Sensitive authentication data such as the full magnetic stripe, the card verification code (CVV/CVC) and PIN data may never be stored after authorization at any level.
What Does Using a Processor that is Level 1 PCI Compliant Mean For You?
The PCI DSS requirements themselves are the same for everyone, but how you must validate compliance depends on your merchant level, which is driven by the volume of cards processed. If you are a small or medium-sized business, your validation burden (typically a Self-Assessment Questionnaire) is lighter than that of a large corporation, which needs an on-site assessment by a Qualified Security Assessor (QSA) and a Report on Compliance.
Choosing a Level 1 PCI compliant payment processor that captures and stores card data on your behalf keeps that data out of your own systems, which shrinks your PCI scope and reduces the work you must do to remain compliant. Level 1 compliance also provides other benefits and protections to your consumers.
Added Data Security
PCI compliance requires most merchants that accept cards to complete an annual Self-Assessment Questionnaire (SAQ). A Level 1 compliant service provider is held to a higher bar: an annual on-site assessment by a QSA, quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) and regular penetration tests, which provide additional assurance that cardholder data is protected while it is transmitted and stored.
Small merchants whose staff work from home, even occasionally, often do so on unmanaged home networks and personal devices, which are harder to secure and monitor than a controlled office environment.
Using a Level 1 PCI compliant processor that captures and stores cardholder data means that data never reaches those employee devices, so the level of protection does not depend on where employees work.
Saves Time and Money
Maintains Positive Business Reputation
What You Need To Do To Stay Compliant
Choosing a Level 1 PCI compliant payment processor can cut down on the work you must do as a merchant to maintain compliance. However, remaining compliant with PCI DSS still means your organization must follow a few steps.
- Annually fill out a self-assessment questionnaire (SAQ). This also reduces your PCI costs, since most merchant services providers charge a noncompliance fee if the SAQ is not completed. Most PDCflow clients qualify for SAQ A, the shortest questionnaire, which generally takes about 10 minutes to complete when using Flow Technology, PDCflow's secure request engine.
- Find out whether your SAQ type requires quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). SAQ A does not; SAQ types that cover internet-facing systems in your environment (for example SAQ A-EP and SAQ C) do.
- Complete an Attestation of Compliance (AOC) along with your SAQ.
- Safeguard credit card data. Because internal data storage is a security risk and pulls those systems into PCI scope, it is best not to store card data at all if your payment processor does this for you. This includes hard copies of card information kept on file, numbers written on call notes and card details pasted into emails, tickets or chat tools. Never retain the card verification code (CVV/CVC) after a transaction is authorized, in any form.
- Restrict access to cardholder data to the employees who need it for their job, and properly train those who handle sensitive card data.
What Happens if You Don't Stay Compliant?
What happens if you fail to comply with the PCI DSS?
If PCI compliance is not maintained and there is a breach, the card brands can levy fines on your acquiring bank, which are passed on to you; commonly cited figures range from $5,000 to $100,000 a month, on top of the cost of the forensic investigation, card reissuance and the possible loss of your ability to accept cards.
That's a steep price to pay for negligence (or simple lack of knowledge about your responsibility as a merchant). Don't risk falling out of compliance.
Questions to Ask Your Credit Card Payment Vendors
Your payment processing vendor should be able to answer any questions you have about what PCI means, what they do to follow it and your responsibilities as a merchant.
How does your vendor store payment data?
It's essential that you know how your vendor plans to capture and store payment information. Look for providers that capture and store card data without your employees ever having to see or type in card numbers, since every place a number is seen or typed is a place it can be leaked.
Is data storage secure?
All sensitive information should be both encrypted at rest and tokenized. A token is a random reference that stands in for the PAN in your own records; it should not be derived from the card number (a hash of the PAN is not a token, because the small space of valid card numbers lets an attacker reverse it). That way, even if your systems are breached, nothing useful is exposed to attackers.
What additional security controls does the vendor's software provide?
The payment vendor you choose should be serious about security. Ask how to limit the amount of payment information your staff must handle, and about measures (such as identity verification on shared links) that help confirm the right person is viewing the information you share with customers.
Flow Technology for PCI Compliance
PDCflow’s Flow Technology helps companies take secure payments both in the office and with remote teams. Here’s how:
- With Flow, an employee can send an email or text to a customer requesting a payment.
- The customer fills in their own payment details, which are captured by PDCflow's software without ever passing through your company's systems.
- PDCflow encrypts the data and tokenizes the card information, so the card can be referenced for future transactions while the card number itself stays out of reach of a data breach on your side.
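The vault-and-token pattern described above (and under "Is data storage secure?") is easier to reason about with a concrete model. The following Python is an added illustration written for this article, not PDCflow's code; the `TokenVault` class, its method names and the "tok_" prefix are assumptions, and the card numbers are well-known test numbers, not real cards. It shows what the merchant side keeps (a random token and a masked PAN), that only the vault can map a token back to a PAN, and why a "hash the card number" pseudo-token is not a real token: with the BIN and last four known, the remaining six digits can be brute-forced in seconds.

```python
"""Tokenization demo: random vault tokens versus a hashed PAN.

Constructed example. PANs are public test numbers (e.g. 4111111111111111).
The vault would live with the processor and be encrypted at rest; the
encryption layer is out of scope here and the mapping is held in memory.
"""
import hashlib
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn checksum used by card numbers; filters impossible candidates."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Display form: BIN (first six) and last four only, middle digits masked."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Processor-side vault (assumed design): token -> PAN mapping.

    Tokens are random, so nothing about the PAN can be computed from them.
    """

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not pan.isdigit() or not luhn_ok(pan):
            raise ValueError("not a valid PAN")
        token = "tok_" + secrets.token_urlsafe(24)   # 192 bits of randomness
        self._store[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can do this; the merchant never calls it."""
        return self._store[token]


def merchant_record(vault: TokenVault, pan: str) -> dict:
    """What the merchant database stores after capture: no PAN at all."""
    return {"token": vault.tokenize(pan), "masked": mask(pan)}


def naive_hash_token(pan: str) -> str:
    """The anti-pattern: a deterministic 'token' derived from the PAN."""
    return hashlib.sha256(pan.encode()).hexdigest()


def recover_pan_from_hash(hash_token: str, first6: str, last4: str):
    """Reverse a hashed PAN by enumerating the six unknown middle digits.

    At most 10**6 candidates, and the Luhn check discards ~90% of them before
    hashing, so this finishes in seconds on a laptop.
    """
    for mid in range(10 ** 6):
        cand = f"{first6}{mid:06d}{last4}"
        if luhn_ok(cand) and naive_hash_token(cand) == hash_token:
            return cand
    return None


if __name__ == "__main__":
    vault = TokenVault()
    rec = merchant_record(vault, "4111111111111111")
    print("merchant keeps:", rec)                 # token + masked PAN only
    print("vault resolves:", vault.detokenize(rec["token"]))
    leaked = naive_hash_token("4111111111111111")
    print("hashed 'token' reversed:", recover_pan_from_hash(leaked, "411111", "1111"))
```

If a copy of the merchant database leaks, the attacker gets `tok_...` strings and masked numbers, which are worthless without the vault. Had the merchant stored `naive_hash_token` values instead, the same leak would yield full card numbers after a short brute force, which is why PCI DSS treats a hashed PAN stored next to its masked form as cardholder data rather than as a safe substitute for it.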
To learn more about using Flow Technology for PCI compliance, request a call from a PDCflow Account Executive today.
- ABOUT THE AUTHOR -
Hannah Huerta, Marketing Specialist
Hannah Huerta is a Marketing Specialist at PDCflow. She creates content for the accounts receivable and payment industry.