If your business takes credit cards in the field you know that PCI compliance is required. The Payment Card Industry (PCI) set a Data Security Standard (DSS) that requires adherence for all business that processes, transmits or stores payment card data. PCI compliance also applies when you take credit cards using a smartphone or a card reader like Square.
When using a tablet or smartphone as a Point of Sale (POS) or Field Point of Sale (FPOS) system, these same standards apply but there are also specific mobile payments standards to be compliant when processing cards.
Digital Age Security Risks
Hackers have been around for a while and are now getting more sophisticated. Anything connected to the internet is immediately vulnerable and not even the best security is guaranteed to be 100% safe.
Fortunately, the credit card payments industry helps to fight against potential issues. Contactless payments apps, chipped credit cards and smart phones have opened up technological and legal considerations to keep everything safe for businesses. Be smart because if you process or store customer payment information, you’re a potential target for theft. PCI DSS serves as the foundation for basic business security practices to protect your business.
Does your payment processor accept mobile payment options like PayPal, Apple Pay or an app such as iWallet? If not or if you’re looking to make any changes, you must notify the PCI Security Standards Council, which will validate the end-2-end security of your payment processing system.
The PCI SSC is a third-party organization created by Visa, MasterCard, Amex and Discover that maintains a website with everything you need to know about PCI compliance.
Non-Compliance Will Cost You
PCI SSC isn’t a government regulator like the FTC or SEC and can/will fine your business if you’re not compliant. The card issuers and banks work together and you don’t want to be card-processing or banking blacklist.
If PCI standards finds your business is not in compliance, banks will perform forensic research to determine the cost of bringing you into compliance and punishment. Fines can start at $5,000 and go up to $100,000 per month. Actual cost varies depending on how long you’ve been noncompliant and the time that it takes to become compliant.
Companies face stiff penalties if they are found responsible for a data breach, regardless of whether or not you are PCI compliant. Penalties may include suspension of credit card processing privileges, possible civil litigation and even pay each cardholder $50-$90 per compromised.
Security breaches with personal customer payment information can be a contributor to businesses closing due to the high costs to fix them. The reputational impact on your business and customers is hard to get back.
Everything You Need to Know About Mobile Compliance
Most PCI standards are common sense, such as not making information easily accessible however with the many different mobile devices platforms making it trickier to remain PCI compliant.
Your payment gateway API is what matters. The two major considerations are the level of control you get vs. the out-the-box easy to use for businesses that don’t have IT support for development and big budgets to handle the cost. Make sure to go with a mobile POS or FPOS provider that is compliant. What matters most when looking at payment apps is point-to-point or end-to-end encryption.
Security Encryption Needed
Two of the most widely used encryption algorithms used today are AES and RSA. They are both very secure and effective but they are used in different ways.
Encryption converts data into a form where the original meaning is masked and only those properly authorized can decipher it. It is achieved by scrambling the information using mathematical functions based on a number called a key. An inverse process, using the same or a different key, is used to unscramble (or decrypt) the information. If the same key is used for both encryption and decryption, the process is said to be symmetric. If different keys are used the process is defined as asymmetric.
Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. AES is essential for government computer security, cybersecurity and electronic data protection and is implemented in software and hardware throughout the world to encrypt sensitive data.
These are just a few of the security icons your processor should have.
Regardless of what processor you use, to maintain security and avoid fines PCI compliance is mandatory. You can’t afford a data leak, nor do you want to be found a cause for credit card fraud.
Mobile devices are particularly vulnerable due to them being multi-purpose computers, similar to desktops in processing power. It’s important to go a processor such as iWallet, the #1 FPOS app that stores payment information on cloud servers. The app includes TRUSTEe Certified Privacy, RSA Security and AES Encryption to help keep your business compliant.