Many merchants ask me this question and want to know how it will affect their business. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements developed by the major credit card companies to enhance credit card data security. These requirements only apply to e-commerce merchants or merchants that are using an online payment gateway. In recent years there have been many card industry security breaches, and it became apparent that specific guidelines were needed for all merchant services providers that store cardholder data and all merchants that pass data through their terminals.
According to the bank card associations, in October 2008 any merchant that applies for a new merchant ID from any credit card processing company must be PCI DSS compliant. In some cases this may mean the merchant will have to download a new application into their terminal. By October of 2009, all merchants must be PCI DSS compliant.
If you are using a POS terminal at a retail location, you are still passing data through the system. The application running on your terminal must be an up-to-date version. Most card processors will call you to do a download or an upgrade, similar to what happened when the truncation laws went into effect. If you have not received a call yet, be proactive and call your card processor to get compliant.
So why is it important for a merchant to be PCI DSS compliant? Well, for one thing, the members of the PCI Security Standards Council (American Express, Discover, JCB International, MasterCard, and Visa) continually monitor cases of account data compromise. A security breach and the subsequent compromise of payment card data affect many different entities, from cardholders to business owners.
If you are a merchant, below are some suggestions from the PCI Data Security Standards website: