The SME’s Guide to PCI Compliance

By Chris Crombie, 22 March 2021

Data security has always been important for businesses of all sizes – not least because of the business risk and hefty fines for non-compliance. But the coronavirus pandemic, and the associated changes in business practices, has changed what compliance looks like. Remote working – together with customers who want end-to-end digital journeys – means that data security strategies that were once fit for purpose might not be anymore.

What better time, then, to revisit your compliance strategies? And PCI is a great place to start.

What is PCI compliance?

If you take card payments from customers, PCI compliance should be on your radar. It means meeting the requirements of the Payment Card Industry Data Security Standard (PCI DSS), which governs how businesses process, store and transmit consumer credit card data. Simply put, PCI’s goal is to prevent fraud and protect customers’ financial information from hackers and cybercriminals.

There are 12 requirements that merchants need to meet to gain PCI compliance, covering everything from network security and firewalls to encryption and restricting access to cardholder data.

To standardise and (somewhat) simplify the process, the PCI SSC has established a 4-level system for classifying businesses. Level 1 has the most stringent requirements and applies to the largest businesses. Level 4 has the simplest requirements and applies to SMEs.

Why is PCI compliance so important?

If you care about your bottom line, you should care about PCI compliance – because failure to comply can cost your business big time. Most merchant accounts charge you a PCI non-compliance fee every month until you bring your practices up to scratch. While large businesses might be able to take that kind of financial hit, it can be a death sentence for SMEs.

Complying with PCI also gets you a large chunk of the way towards GDPR compliance. Given GDPR fines can be up to 4% of annual turnover, it makes sense to bring your practices in line with the latest standards.

What about the customers?

PCI compliance isn’t just about avoiding fees and fines, however. In 2019, financial fraud across payment cards, remote banking and cheques totalled a whopping £824.8 million. Customers are therefore more concerned than ever with financial security, particularly as online purchases increased by 6 to 10 percentage points across most categories during the pandemic. If your business is PCI compliant, you reassure customers that their sensitive data is safe with you.

How do you become PCI compliant?

It’s not actually that expensive to achieve and maintain compliance. But it’s not a tick-box exercise. As with all things security, PCI compliance should run through everything you do.

That means everything from staff training to software needs to have compliance embedded. For example, it’s better to use intelligent payment solutions with built-in PCI compliance, so you and your customers can be confident that financial data is safe at all times.

To learn more about ensuring PCI compliance, speak to a payments expert.

Senior Product Owner

As a Senior Product Owner, Chris is responsible for ensuring the business identifies and understands customer needs and priorities. He defines the road-map and growth opportunities for Voice and Synapse, overseeing implementations whilst keeping all developments in line with the product vision. With over 15 years’ experience working within the customer engagement space, Chris is perfectly placed to consult and design innovative services for our customers.