As credit card data becomes increasingly vulnerable to cyber attacks, industry standards have strengthened business security practices. Which ultimately ensures the privacy and safety of customer data.

Credit card vendors American Express, Discover Financial Services, JCB International, MasterCard, and Visa, formed the PCI (Payment Card Industry) Security Standards Council came together to guide merchants toward a uniform approach to securing credit card data. And the resulting PCI Data Security Standards (DSS) lays out those expectations.

Who is responsible for holding businesses accountable for maintaining PCI compliance? Surprisingly, it isn’t the PCI Security Standards Council. Although the Council develops and maintains the PCI DSS, they don’t ensure businesses follow the rules. That responsibility belongs to the five payment card brands: Visa, MasterCard, American Express, JCB International, and Discover. Merchants agree to meet the PCI DSS as part of their merchant agreement with the credit card companies.

Each year merchants who accept credit cards provide a 3rd party validation or self-assessment of their cardholder environment to their merchant service provider. The credit card brands then, at their discretion, apply penalties for non-compliance. Fines are levied against the acquiring banks that hold the credit (think Chase or Bank of America), and those fines are usually passed along to the violating merchant. Or, the bank could choose to stop processing credit cards from the violating merchant or enforce an additional monthly processing charge as a penalty.

These rules and penalties apply to all merchants who accept credit cards. Online business eCommerce solutions, such as those offered through ZZ Servers, can help businesses achieve and maintain PCI compliance regardless of whether they have a brick-and-mortar store, operate solely online or do business in both environments.

As an eCommerce solutions provider, ZZ Servers offers PCI hosting packages for PCI Level 1, 2, 3, and 4 merchants. Fully PCI-enabled hosting environments are available to all levels of business. We can help you navigate the complex PCI compliance world and ensure you hold up your end of the bargain.

About The Author

Scroll to Top