Digital Payments & PCI Compliance

Cash is king. So the saying goes. Or, should we say…went.

Cash has had an incredibly long reign. You’d have to go back almost 3,000 years to find a world without money as the principal form of payment. Nowadays, digital cashless options – like credit and debit cards, online electric payment services, digital wallets, mobile payments, and digital currencies – are moving into the mainstream and deposing the old cash king.

Payment Data, Security Concerns

However, there’s at least one significant factor holding back the transition to a cashless society: security. In the past year alone, data breaches, privacy concerns, and new legislation have made security a top-of-mind concern for many businesses. And we’ve seen first hand how data security can have an enormous impact on the financial well being of a company. For example, Marriott’s data breach could cost the company as much as $1 billion. This cost includes a potential fine of about $450 million under Europe’s General Data Protection Regulation (GDPR). More than 500 million customer records were exposed,

But it’s obviously not just businesses that have a stake in data security. We hear a lot about the alleged consumer “apathy” around data security. In a recent survey of more than 10,000 Americans:

  • 78% say a company’s ability to keep their data private is “extremely important”
  • Only 20% “completely trust” organizations they interact with to maintain the privacy of their data
  • 75% will not buy a product from a company – no matter how great the products are – if they don’t trust the company to protect their data

Payment Security – PCI Compliance

Businesses grappling with the transition from traditional to digital payments have to figure out how to integrate gateways, processes, and capabilities that are secure enough to protect their customers and their business. One of the best ways to ensure digital payment security is to be PCI Compliant. Only integrate with PCI Compliant payment tools and technologies.

What is PCI Compliance?

PCI is really short for PCI DSS – or Payment Card Industry Data Security Standards. The PCI Security Standards Council, which was founded by the top five credit card companies, sets these standards. They’re mandatory for any business that handles, processes, or stores credit cards – regardless of size or location.

How to Get PCI Compliance

As part of its role in the PCI Security Standards Council, VISA is responsible for classifying companies. They do so by looking at VISA transaction volume over a 12-month period. Merchants with the highest transaction volumes are classified as level 1. Those with the lowest transaction volumes are level 4. A company’s classification will determine which annual Self-Assessment Questionnaire (SAQ) they need to complete to determine if payment-processing setup is PCI compliant.

Find out more about obtaining and maintaining PCI Compliance here.

PCI Compliance Benefits from Third-Party Vendors

One question we get asked a lot is: “is it enough to use a PCI Compliant third-party provider (like a payment gateway) to process payments?” According to PCI, the answer is no. Merely using a third-party vendor does not exclude a business from PCI DSS compliance. In fact, failing to complete an annual SAQ for PCI Compliance could result in substantial fines and the suspension of a company’s ability to accept credit card payments.

But third-party vendors can ease the burden of PCI compliance in a number of ways:

  1. Using a third-party vendor that’s PCI compliant might cut down on a business’s risk exposure and consequently reduce the effort to validate compliance.
  2. A well-established third-party vendor will likely be PCI compliant at a very high level. This means that they have much stricter requirements for PCI compliance that can, in turn, also add an extra layer of security to a merchant’s customer’s data.
  3. Many third-party vendors have resources that can help companies obtain and maintain PCI compliance. For example, we often choose Braintree as the payment gateway for our clients because of its PCI status and the fact that it has partnered with SecurityMetrics, a Qualified Security Assessor (QSA) company, to offer PCI compliance assistance to merchants.

If your company is looking to move more of its traditional payments into the digital space, let’s chat. We’d love to talk through your enterprise payment integration issues and concerns. We’d like to share with you about our deep experience helping companies like Collective GoodsJobBox, and others successfully make the transition to PCI compliant, secure digital payments. Let’s connect.

Let’s build something beautiful together.
blog author shawn davison

Shawn Davison

CEO of Dev IQ, triathlete, and technology philosopher.

Scroll to Top