PaymentFacilitator partner Infinicept just published an article that tackles the topic of PCI compliance as it relates to payment facilitators. Below are some key highlights. For more, including how to decipher common acronyms, avoid common pitfalls and properly consider the role of scope, check out the full article, PCI Compliance for Payment Facilitators.
Adhering to the Payment Card Industry Data Security Standard (PCI DSS) protects payment facilitators and their submerchants from data compromise and the costs associated with it.
The PCI DSS was developed by a coalition of five card brands (American Express, Discover, JCB, Mastercard and Visa) to protect the integrity of the payments system. Any entity that stores, processes or transmits cardholder data – including payment facilitators – must comply with the standard. A lack of PCI compliance can have serious, material implications, both financial and reputational.
But complying with the standard has a significant impact on your business. It also comes with its share of misconceptions and pitfalls. So how can PFs navigate the intricacies of PCI compliance successfully?
4 Keys to PCI Success
- Education. For a new PF, PCI compliance can be mystifying. The first step to navigating PCI effectively is education. Learn what you and your submerchants are responsible for and why. There are plenty of online resources to give you a basic understanding of PCI.
The PCI Security Standards Council’s website has many documents to demystify PCI compliance for both payment facilitators and their submerchants.
- Communication. Once you’ve educated yourself about PCI, it’s important to pass on that knowledge to your submerchants. Submerchants need to know not only what they’re responsible for, but why. Knowing how PCI compliance protects cardholder data gives much-needed context to what can otherwise be an overwhelming set of policies and procedures.
Communication about PCI isn’t a one-time conversation. It’s important to maintain an ongoing dialogue to ensure that your submerchants remain compliant and that any questions or concerns they have about PCI are resolved.
- Seek Expert Help. While PCI compliance may be new to you, the good news is that it’s a well-established standard with plenty of expertise within the payments industry. Companies like ControlScan and Very Good Security provide innovative data storage solutions, allowing companies – even those with no PCI or payments background – to feel confident they are protecting consumers’ data effectively.
- Repetition. Once you have policies and procedures in place, they should not just gather dust on a shelf in someone’s office. It’s important to make sure PCI compliance becomes a part of the normal business routine, for both PFs and their submerchants. Repetition is essential to maintaining PCI compliance.
For new PFs, PCI can feel like a steep learning curve. But fortunately, there is an abundance of help to guide you on your path to compliance.