As credit card data becomes increasingly vulnerable to cyber attacks, industry standards have worked to strengthen business security practices to better ensure the privacy and safety of customer data.
Credit card vendors American Express, Discover Financial Services, JCB International, MasterCard and Visa formed the PCI (Payment Card Industry) Security Standards Council with the goal of guiding merchants toward a uniform approach to securing credit card data. The resulting PCI Data Security Standards (DSS) lay out those expectations.
Who is responsible for holding businesses accountable for maintaining PCI compliance? Surprisingly, it isn’t the PCI Security Standards Council. Although the Council develops and maintains the PCI DSS, it doesn’t verify that businesses are following the rules. That responsibility falls to the five payment card brands: Visa, MasterCard, American Express, JCB International and Discover. Merchants agree to meet the PCI DSS as part of their contractual obligation with the credit card companies.
Each year, merchants who accept credit cards provide a third-party validation or self-assessment of their cardholder environment to their merchant service provider. The credit card brands then, at their discretion, apply penalties for non-compliance. Fines are levied against the acquiring banks that hold the credit (think Chase or Bank of America), and those fines are usually passed along to the violating merchant. Alternatively, the bank could choose to stop processing credit cards from the violating merchant or enforce an additional monthly processing charge as a penalty.
These rules and penalties apply to all merchants who accept credit cards. Online business ecommerce solutions, such as those offered through ZZ Servers, can help businesses achieve and maintain PCI compliance regardless of whether they have a brick-and-mortar store, operate solely online or do business in both environments.
As an ecommerce solutions provider, ZZ Servers offers PCI hosting packages for PCI Level 1, 2, 3 and 4 merchants. Fully PCI-enabled hosting environments are available to all levels of business. We can help you navigate the complex world of PCI compliance and make sure you hold up your end of the bargain.