SavingSmart is now also offering merchant services, helping businesses to save money on customer credit and debit card transactions, in addition to their energy and communications. Not only can we help you to find the best solution for you, but we will also make sure you are PCI compliant. But what exactly does this mean?
PCI compliance is another way of saying that customers’ data is secure. The Payment Card Industry (PCI) requires that businesses worldwide offer the same level of security when providing card payment systems for customers.
PCI compliance is divided into six sections, with twelve standards to be met overall:
1) Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security parameters
2) Protect Cardholder Data
- Protect stored data (use encryption)
- Encrypt transmission of cardholder data and sensitive information across public net
3) Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
4) Implement Strong Access Control Measures
- Restrict access to data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
5) Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
6) Maintain an Information Security Policy
- Maintain a policy that addresses Information Security
What happens if my business is not PCI compliant?
At the most basic level, not being PCI compliant means that your customers’ data isn’t secure and you will be charged a non-compliance fee on your merchant statements which varies from one acquirer to another – an extra cost no business needs. Apart from being bad practice, this also lays you open to other problems, such as receiving complaints, being sued and losing your reputation as a reliable business. You can also be fined up to £60k for a data breach which is just enough to cause a small business to cease trading.
How does SavingSmart help my business to be PCI compliant?
Wherever possible, SavingSmart will find you a merchant services solution with a provider whose software has built-in PCI compliance.
Some acquirers will refer you to their preferred PCI partner who will offer quarterly or annual “scans” of your network to ensure that you are providing a secure service to your customers. If necessary, we can help you set this up and send you reminders of when they are due so you don’t fall behind with your compliance.
When you are compliant, you will receive a Certificate of Compliance which is valid for twelve months.
To find out more about merchant services for your business, contact Gilly Carter on 01483 600943 or 07909 523 855 or contact us here.