These days e-commerce stores are popping up left and right, and in such a fast-growing area of business it is inevitable that rumors start flowing, confusing newcomers and experts alike. Simply put, all businesses that accept credit cards must comply with the standards set forth by the Payment Card Industry Data Security Standard (PCI DSS). There are no exceptions to this rule, so why don’t we dispel some common myths about PCI compliance.
“Someone else actually processes our credit cards, we just outsource to them.”
This is one of the most common myths, and it is easy to see why. It makes sense, doesn’t it? If a third party is actually processing your cards, why should you worry about PCI compliance? PCI DSS says that it is your job to ensure transactions are safe from start to finish. Having another company process the cards doesn’t mean your customers are protected end to end, starting from your website, where the transaction originated.
“My business is small – PCI compliance is for large corporations.”
While small businesses may not need to submit an actual report to the PCI Security Standards Council, you will still be held accountable if there is a security breach. Feigning ignorance will certainly not get you off the hook.
“PCI compliance is only for credit cards. ATM and debit cards are exempt.”
The majority of transactions are processed as credit, regardless of the type of card used. Additionally, the same banks that issue credit cards also issue debit cards. PCI DSS requires compliance regardless of the type of card used.
“Merchants can store whatever data they want.”
Many merchants assume that because the customer gave them this data, they are allowed to store it however they like. This misconception can lead to serious legal problems. Storing certain types of data violates PCI DSS and, as a result, may also violate state and even federal privacy laws. If your system is ever identified as the originating site of a data breach that results in the release of card users’ data, you will be subject to fines and restitution to recoup any losses from that breach.
WHOA.com’s cloud infrastructure features PCI DSS 3.2 and ISO 27001 certification and HIPAA compliance for cloud solutions. Contact us to learn more about PCI compliant cloud services.