TCM Logo

What is PCI in Payment Processing?

Innovation in payments with TCM

PCI is about keeping payments and data secure. The poor handling of payment data and credit card details are a main cause for fraud in payments. The better your business is with making credit card transactions safe, the more trusted your business will be.  The more trusted your business is, the more successful your business is likely to be.

What is PCI compliance?

PCI stands for Payment Card Industry. You will sometimes see the full Acronym of PCI DSS which stands for Payment Card Industry Data Security Standard. PCI is a set of standards with the overall goal to prevent the theft of credit card details. 

It is mandatory for any business to become compliant with the PCI standards. Every business accepting credit card payments has to comply with PCI DSS. There are also several levels of PCI compliance depending on your business size. Even though PCI DSS is not a law, the standard is accepted and used around the world.

For your business to become PCI compliant, you will need to implement the requirements that are set for your business level by the PCI DSS standards. Every business has to complete an official PCI SSC validation form each year. 

Being PCI compliant is a benefit because it increases the chances of having solid data security which is good for you and your customers.

What are the PCI levels?

Keep in mind, regardless of your business size, age, or number of transactions, the PCI DSS applies to your business if it is accepting, transmitting, or storing credit card data. PCI DSS is divided into several levels for merchants based on the amount of transactions that your business processes per year. Each level has different reporting requirements that at a minimum need to be validated annually. 

  • PCI level 1: Merchants that process over 6 million card transactions per year
  • PCI level 2: Merchants that process 1 to 6 million transactions per year
  • PCI level 3: Merchants that process 20,000 to 1 million transactions per year
  • PCI level 4: Merchants that process less than 20,000 transactions per year
 
Most merchants in Canada and USA fall into PCI level 4. This is the least stringent level and only requires you to fill out a self assessment questionnaire which we cover in more detail. One important point to remember is that TCM can help you through this whole process to make PCI compliance simple.

How we make PCI compliance easier

PCI compliance may seem relatively intimidating at first, but the steps are not complicated .

The TCM mobile app, credit card machines, hosted payment pages, and eCommerce solutions ensure that all payment data is handled directly through us, so when the credit card holder enters their payment information, it is only managed by our PCI DSS compliant servers. This drastically simplifies PCI compliance for you. 

Filling out the PCI compliance form: the self assessment questionnaire

Reporting on PCI compliance for merchants at Level 4 can be done by simply filling out the online self assessment questionnaire (SAQ) form. However, many businesses still benefit from TCM helping during the implementation and assessment. The self assessment questionnaire is a relatively straightforward document, beginning with basic questions about your business, your location, and how you take payments. The second section asks questions about credit card security such as how your business has implemented controls listed in the specifications.

The whole self assessment questionnaire is to ensure that you have the appropriate security policies, procedures, and tools in place based on the PCI security standard. Again, this is something that TCM will guide you through.

The policies and procedures that PCI sets out are based on 12 PCI DSS requirements. For the most part, many of these requirements are common sense and good business practices. The 12 requirements for PCI DSS compliance are:

  1. Install and maintain a server firewall to protect cardholder data
  2. Do not use vendor-supplied default passwords
  3. Protect stored credit card data
  4. Encrypt the transmission of credit card data across public networks
  5. Use and regularly update antivirus software
  6. Develop and maintain secure systems
  7. Restrict software access to credit card data to need-to-know people
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to credit card data
  10. Track and monitor all access to network resources and credit card data
  11. Regularly test security systems and processes
  12. Maintain a security policy that addresses information security for employees
 

As the population increases along with the use of online shopping and personal technology for payments, so does the amount of data that is passed through payment systems every day. This is making PCI an increasingly important topic. When you use TCM, you can be assured that you have the most advance PCI controls available that make it simple for you to focus on your business.

Get help with your PCI compliance today.

TCM is an expert at making payments simple for small business and large enterprises.

Facebook
Twitter
LinkedIn
Email

Latest articles you might like