The credit card game is changing for small to medium-sized businesses. Visa recently announced that it will require all Level 4 merchants in the U.S. and Canada to validate PCI DSS compliance annually starting January 31, 2017.
Level 4 merchants are those businesses that process fewer than 20,000 Visa eCommerce transactions per year or that process up to 1 million total transactions regardless of acceptance channel. That pretty much means any small to medium-sized business that takes Visa.
Why it's necessary
Small businesses sometimes assume that data security and PCI compliance are less of a concern for them because they handle smaller volumes of credit card data. But that just is not the case — data is data and stealing from less secure businesses happens all the time.
Visa has always required Level 4 merchants to comply with the PCI DSS. But now the credit card company is also requiring annual validation of that compliance.
The change comes as a result of the EMV shift last year in the U.S. and Canada. EMV, which stands for Europay, MasterCard, and Visa, is a new global standard for credit cards equipped with computer chips and security technology to authenticate transactions, making card-present transactions more secure.
The shift in technology can leave smaller merchants, which have not installed chip card readers or better information security, vulnerable to attacks on Internet-based purchases. That risk has prompted Visa to take action to encourage smaller businesses to tighten security and avoid the uptick in fraud, similar to what was seen in Europe after merchants there shifted to EMV cards.
What does it mean?
Beginning Jan. 31, 2017, all Level 4 merchants must use only PCI-certified Qualified Integrators and Resellers (QIR) professionals for point-of-sale application and terminal installation and integration. That’s meant to ensure all technology is installed correctly and is therefore more secure.
After that date, Level 4 merchants must annually validate PCI DSS compliance or participate in the Technology Innovation Program, an alternative to the PCI assessment. If the new requirements are not fulfilled, Level 4 merchants may face fines and penalties, especially if credit card data is stolen.
This might seem like an imposition on small businesses, but ask yourself this: What’s worse, spending a little money to be more secure, or spending a lot of money to clean up a data breach?
How does ZZ Servers fit in?
ZZ Servers’ PCI hosting packages are available for PCI Level 1 through 4 merchants, offering a fully PCI compliant hosting solution built in a dedicated environment that contains all necessary controls and features to meet current and future PCI compliance requirements.
Questions? Contact us.