What is PCI Compliance?

For most business owners, maintaining security can be a daunting task with many confusing hoops to jump through and procedures to follow.  By sharing some background and context, we want to help you understand what it takes to become compliant with the industry's requirements and to stay compliant as the technology keeps advancing.


Data security matters more than it ever has as hacking and data theft become more common.  The major card brands created the PCI requirements to reduce vulnerabilities and protect cardholder data; the first version of the PCI Data Security Standard (PCI DSS) was released in 2004, and compliance with it is required of every business that processes debit or credit cards.

If your business currently accepts, or would like to accept, Visa, Mastercard, Discover, AMEX or JCB, you are required to meet the PCI DSS, a set list of practices maintained by the PCI SSC (Payment Card Industry Security Standards Council).   Security Metrics* reports that in “2016 the number of data breaches tracked in the US rose 40% according to a study by the Identity Theft Resource Center (ITRC).”


We understand that becoming compliant can be a bit tedious, but it is well worth the time spent to ensure your business and your customers’ data are secure.  Most merchant services providers partner with a PCI services company to validate how you handle card payments and to run the required vulnerability scans against your internet connection.

The process has 3 main steps:

  • Filling out the self-assessment questionnaire

  • Initiating the scan on your public facing IP address

  • Recertifying your self-assessment questionnaire annually

It’s really as easy as that. Generally the SAQ will not need to be completed from scratch again, only recertified each year, and once you complete one passing scan, the PCI company will run scans quarterly to maintain your compliance.  Whether the external scan applies to you depends on which SAQ your business falls under; where it does apply, a passing scan is required every quarter, not just once.


So how do you go about becoming compliant if you aren’t already?  Firstly, it is your merchant services provider’s responsibility to initiate the process of getting your business into compliance.  So if you’re not sure you’re compliant, reach out to your merchant services provider right away to find out.  Ultimately, though, it is your responsibility as the business owner to finish the process: filling out the questionnaire, completing the scan and confirming that you are in compliant status.  Generally you will have 3 months to a year (depending on the terms of your agreement) from when you open your account before penalties apply; if the process is not completed by then, you could be charged non-compliance fees ($10-$40 a month) in addition to your current processing fees. 


We at Calibr strive to educate our merchants on the full extent of what they need to know to be secure, smart and successful when it comes to accepting card payments.  Please reach out and let us be a resource to you regarding PCI Compliance or any other issues your business might be facing.  We also do a free, no obligation analysis to see if there are any ways you can maximize your company’s resources and minimize your expenses.  We would love to help your business thrive.

*Security Metrics is one of the country’s largest providers of PCI Compliance services. Quote taken from “PCI Basics for Merchants”: http://info.securitymetrics.com/pci-basics-for-merchants