PCI Compliance: The Who, What and Why

Written by Ross Sprague


Many of the prospective merchants I talk with are frustrated with their level of customer support and unhappy with the overall processing rate they are paying to accept credit cards at their business. The biggest pain point for merchants across the board, though, is understanding PCI compliance. What is PCI compliance? Why do merchants have to complete a PCI questionnaire? Why are merchants so often billed PCI non-compliance fees? What does PCI even stand for?

PCI (Payment Card Industry) compliance standards are mandated by the credit card companies to help ensure the security of credit card transactions across the payment industry. PCI compliance refers to the technical and operational standards that merchants must follow to protect their customers' credit card data. These standards range from something as simple as employees shredding or burning any full card numbers that are written down to something as involved as maintaining a secure network at the place of business. I like to explain PCI compliance as a merchant's way of saying they are not being complacent with their customers' cardholder information. But how does a merchant show that it is protecting its customers' data while operating day to day? That is what the PCI questionnaire is for.

A PCI Self-Assessment Questionnaire (PCI SAQ) is a merchant's way of showing that it is taking the security measures required to keep cardholder data secure at its place of business. This is where a merchant states, for example, that written card information will be shredded or burned once a transaction is completed, and that only certain employees have access to running cards. These questionnaires vary in length depending on what type of business you are and how you accept payments, ranging from as few as 22 questions to as many as 329 questions.

Your merchant processing partner should be able to assist you in selecting and completing the appropriate questionnaire. Filling out the questionnaire usually takes about 10-15 minutes over the phone with a dedicated member of a PCI Support Team. Sometimes a network scan is also required; it identifies any vulnerabilities in the merchant's network, and those would need to be remedied before the merchant can become PCI compliant. These are usually quick fixes for any networking or IT specialist. We at PolyPay are happy to get on the phone with the merchant and the member of the PCI Support Team together so that this task is accomplished shortly after the merchant goes live with us.

If becoming PCI compliant is so easy, why do so many merchants find themselves paying PCI non-compliance fees ranging from $25 to $125 per month? The answer is disappointing, but common. Most processing companies would lose out on easy profit from monthly PCI non-compliance fees if merchants were made aware of how simple the process is. Fifteen minutes of a merchant's time could save them $300 to $1,500 a year for each processing account they have open. PolyPay is successful when our merchants are successful; we are not looking to pad our pockets with unnecessary fees at the merchant's expense.

Here at PolyPay we send monthly reminders to any merchants that are falling out of compliance and kindly ask them to schedule a quick call with us and our dedicated PCI Support Team to keep their merchant account in PCI compliance. Doing so best protects your customers' cardholder information and saves you money at the same time. Connect with us today and let us partner with you to ensure you are compliant now and in the years to come.

PolyPay