This is not a sudden revelation. Official procedures have been in place since 2006. However, many commercial embroidery shops may be shocked to learn that credit card providers charge for the service, yet few actually help shops secure the certification they need to be compliant.
Payment Card Industry (PCI) Data Security Standards are the requirements meant to ensure that all companies processing, storing or transmitting credit card information do so securely. This includes commercial embroidery shops, as well as any business with a Merchant ID (MID).
Some commercial embroidery shops think that data violations will never happen to them. All they want to do is get to the next production job. Unfortunately, they miss crucial steps to protect their business. By maintaining a standard, a shop can easily avoid serious problems. The desire to keep up with the momentum of commercial embroidery, as well as the urge to use the latest technology, could lead to a dangerous situation.
To avoid penalties for non-compliance, all it takes is a few minutes to learn what is necessary to protect your business, your clients and yourself.
Online payments and credit card data security
Much of today’s commercial embroidery business is online. Add to that the rise of mobile devices such as smartphones and tablets. Online payments increase the possibility of exposing sensitive data. Innovations such as tap-to-pay cell phone apps and near-field communications (NFC), which allow buyers to pay with only a pass of a smartphone over a point-of-sale terminal, give an added urgency to credit card data security.
In addition, the American system of processing credit cards is far from perfect; it lags behind much of the industrialized world.
How commercial embroidery shops become PCI compliant
The steps for a commercial embroidery shop to be PCI compliant are actually very simple:
Submit an annual self-assessment questionnaire (SAQ). Help filling out the forms usually comes from a PCI vendor.
A shop that uses Internet connectivity to accept credit card payments is required to have monthly or quarterly system scans. This applies, for example, if your shop has an IP terminal, virtual terminal or Point of Sale (POS). Most of these scans are automatic.
For a shop that uses dial-up technology for a credit card terminal, only the successful completion of the SAQ is necessary.
For commercial embroidery shops using mobile technologies to process payments, there are currently no other scanning requirements. This may soon change as more shops embrace mobile technology. SAQs will be updated soon to reflect newer types of payment platforms.
The cost of PCI compliance
The cost of PCI compliance is low, unquestionably lower than penalties and legal fees for a data breach. The cost is certainly affordable for any commercial embroidery shop. In most cases, it is less than $10 per month. To find out how much you are paying, check with your credit card processing provider. Ask which services they provide for the price.
See it as a red flag if they have never mentioned PCI compliance, or insist that there are no charges.
As extra protection, some leading providers offer information breach insurance, protecting you and your shop in cases of personal information accidentally leaking out. Proper credit card handling is vital for your business, and it is worth a few dollars to be safe.
There are many ways to learn details of PCI compliance: call your credit card processing company, talk with an expert or visit the official PCI website.
The best practice is to increase your comfort level with secure credit card transactions. A few minutes of your time will ensure your commercial embroidery shop pays the lowest fees possible while safeguarding your customers’ credit card information.
For more information on getting the most out of your commercial embroidery business, visit www.ColDesi.com or call 877-793-3278 today!