What is PCI Compliance?


What is PCI Compliance? It’s a frequent question we answer at Cynergy Data Texas. Quite simply, PCI Compliance, short for compliance with the Payment Card Industry Data Security Standard (PCI DSS), is a set of requirements to ensure that merchants process, store, and transmit sensitive information in a secure manner. These standards apply regardless of whether the transaction was processed at a point of sale system, through e-commerce, or over the phone. The ultimate goal of PCI Compliance standards is to limit and deter credit card and debit card fraud. PCI compliance is recommended for any merchant that processes credit or debit cards, whether at a point of sale or over the phone. While PCI Compliance is not mandated by federal law, several states mandate PCI Compliance.

In 2006, major credit card companies Visa, MasterCard, American Express and Discover founded the PCI Security Standards Council (PCI SSC) to create enforceable security standards applicable to transactions and other merchant functions. As an independent body, the PCI SSC hands down penalties to the merchant’s bank, not the merchant; however, banks will pass these charges through to the merchant and sometimes even terminate contracts! Because PCI Compliance is not mandated by law, penalties ultimately can be difficult to enforce. However, PCI Compliance penalties have been known to range from $5,000 per month to $100,000 per month.

PCI Compliance has several levels depending on the annual number of transactions. These levels range from 1 to 4 and are often defined by each individual credit card company. For example, here are the breakdowns for Visa:

Level One: Merchant processes over 6 million Visa transactions annually.

Level Two: Merchant processes between 1 million and 6 million Visa transactions annually.

Level Three: Merchant processes between 20,000 and 1 million Visa transactions annually.

Level Four: Merchant processes fewer than 20,000 Visa transactions annually.

At Cynergy Data Texas, we help our clients navigate PCI Compliance. The process starts with an online Self-Assessment Questionnaire (SAQ) for the merchant. After completing the SAQ, the merchant is certified with the major card companies. Our goal is to assist our clients with the 12 Steps of Compliance as well as quarterly network scans if needed. If your business is not PCI Compliant or you have questions about PCI Compliance, contact us at Cynergy Data Texas today. Keep your customers’ information safe and your business safe from compliance penalties!