The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations detailing security requirements for merchants and merchant service providers regarding the storing, processing and transmission of cardholder data. It combines technical and operational requirements intended to prevent credit card fraud, hacking and various other security vulnerabilities. This standard is meant to safeguard consumer data as well as provide a more secure processing environment at every merchant location. This is a global initiative being implemented across the industry.
Why is it important?
The last decade has seen some of the worst compromises of consumer data in history. Fortunately, Harbortouch systems have never been breached, but we must embrace the PCI standards and take a proactive approach in order to provide the highest level of security for our customers’ payment information. The process is not limited to Harbortouch; it also requires compliance and best practices at the merchant level, including the use of PCI-compliant credit card terminals. In this technological age, it is critical that we maintain maximum protection of consumer data, specifically credit and debit card numbers.
What do I need to do?
Most importantly, you need to stay educated about the PCI standards and how to remain compliant. This website will help you accomplish this goal. It provides many valuable resources, including complimentary self-assessment questionnaires and system scans. However, there is only so much Harbortouch can do on your behalf. The majority of PCI compliance relies on our merchants using best practices and keeping themselves educated. Together we can make sure that our customers’ payment information is as safe and secure as possible.
If I do nothing, is that okay?
The major credit card networks have implemented substantial fines and penalties for failing to remain PCI compliant. The consequences can be tremendous, especially in the event of a cardholder compromise.
Is this why I was charged a PCI fee?
Virtually all processors are now assessing PCI fees. The expense of PCI compliance for Harbortouch goes well beyond making this website; in addition to the expense of remote PCI system scans, these guidelines have required us to make substantial upgrades to our processing systems, implement new security protocols and hire additional employees. It is becoming increasingly rare to find any processor not implementing an annual PCI fee to cover these expenses. If the fee is not directly labeled as a “PCI fee”, these costs are most likely being paid under the pretext of another type of fee. Harbortouch has tried to keep its PCI fee as small as possible while still enabling us to recoup the expenses we have incurred in order to comply with the PCI standards. It is important to note that our charges have been substantially less than those of most other processors.
If I pay the fee, am I 100% covered?
No. Although the annual PCI assessment covers a substantial portion of the expense as described above, it is up to each and every merchant to ensure that best practices are being followed to maintain a completely secure payment environment.