What is PCI compliance? Why do I need it? And what does it mean for my organisation?

I often get these questions from business owners who accept payments online and want to demystify their cybersecurity requirements.
So today I will unpack the most frequently asked questions about PCI compliance to help you understand your obligations when doing business online.
What is PCI compliance? 
The Payment Card Industry Security Standards Council (commonly shortened to PCI SSC or the PCI council) is an organisation founded and run by the major payment card brands. The PCI council publishes the Payment Card Industry Data Security Standard (PCI DSS), which sets the minimum security requirements for protecting cardholder data wherever it is stored, processed or transmitted, not only online.
Every organisation that stores, processes or transmits cardholder data must meet the standard, whether it takes payments online, in person or over the phone.
Why is PCI Compliance important? 
PCI compliance does not make a breach impossible, but the controls it requires limit the damage if one occurs: sensitive authentication data (such as the full magnetic stripe and card verification code) must not be stored after authorisation, and stored card numbers must be rendered unreadable, so an attacker who gets in has far less to steal.
Why do I need PCI compliance? 
PCI compliance establishes a baseline of security controls that substantially reduces the risk of card data theft for your business and its customers. It is a floor, not a ceiling, and not a guarantee.
If you conduct business online, demonstrating PCI compliance also reassures potential customers (especially those wary of the security of online payments) that you take the protection of their card data seriously.
Is PCI compliance mandatory? 
PCI compliance is mandatory for any business that accepts credit or debit cards as a form of payment, and the obligation extends to:
  • businesses that outsource payment handling to a third-party vendor’s hardware, software or application. Outsourcing can reduce the scope of what you must assess, but it does not remove your obligation to validate compliance.
  • service providers that store credit/debit card data on behalf of another business.
  • hosting providers or other service providers that process or transmit credit/debit card data on behalf of another business.
How often do you have to demonstrate PCI compliance? 
You will need to validate PCI compliance annually, either through a Self-Assessment Questionnaire (SAQ) or, for larger merchants and service providers, an on-site assessment by a Qualified Security Assessor (QSA) resulting in a Report on Compliance. Depending on how you handle card data, you may also need to pass quarterly external vulnerability scans performed by an Approved Scanning Vendor (ASV).
When should you be compliant? 
You should be PCI compliant all the time. The annual validation is only a point-in-time snapshot; the controls have to operate continuously, because cybercriminals need only a brief window of vulnerability to pounce.
What are the consequences of not being PCI compliant?
As well as putting your business and customers at risk of a debilitating data breach, non-compliance can lead your acquiring bank to impose fines, raise your processing fees or withdraw your ability to accept card payments altogether; they don’t want a possible data breach to become their problem.
Without the ability to process card payments, you won’t be able to make sales and do business online.
Should I maintain PCI compliance myself or get someone else to do it? 
It is possible to maintain your organisation’s PCI compliance yourself.
The PCI website has some fantastic resources that will help you achieve and maintain compliance.
However, understanding and maintaining PCI compliance demands time and resources from your organisation that are usually better spent elsewhere.
PCI compliance can be simple, quick and cost-effective when you work with the right company, one that takes the time to understand your business.
Stratica helps you get compliant and stay compliant quickly and effectively!
Whether you would like more clarity on your PCI obligations and how to achieve compliance, or you would like to find out how Stratica can help your business stay compliant 24/7/365, get in contact with us for a free consultation.