Lately there have been reports of processors that are starting to charge their customers $19.95 per month for not being PCI compliant, plus an additional $100 – 200 annual fee, for a total of $350 - $$ a year for PCI compliance. This is outrageous. To "fix" this problem, these processors are requiring their customers to install some PC-based scanning software that is supposed to magically make the business PCI compliant, thereby allowing them to avoid the monthly charge.
Let me start out by saying: This is a scam!! Reputable processors will have already paid this fee for their merchants. Do your due diligence and shop for the right merchant processor.
There is nothing that you can just put on your PC that will make your business PCI compliant. This is so far off course that it can hardly be related to PCI at all. PCI compliance covers every network, computer, piece of hardware and piece of software that plays a part in processing, storing, or transmitting a credit card transaction; a scanner on one PC does not cover that scope.
It is now required that every business be PCI compliant, but let me assure you that there is no simple computer program that will do this for any business. Even if only a single computer is used to enter card data, it is unlikely to be the only piece of the puzzle (the network it sits on, the terminal or gateway it talks to, and the people who use it all matter), and it is even more unlikely that a single piece of software can guarantee PCI compliance.
Steps to get compliant:
1. Determine whether you need to be PCI compliant. (If you accept credit cards, or play any part in the processing of a credit card, you need to be PCI compliant.)
2. Determine which Level of compliance is required for your business.
* Level 1: Greater than 6 million credit card transactions per year, or any business that has suffered a hack or data breach, or any business deemed Level 1 by card
* Level 2: 1 to 6 million credit card transactions per year.
* Level 3: 20K to 1 million credit card transactions per year.
* Level 4: Fewer than 20K e-commerce transactions, or fewer than 1 million total transactions, per year.
3. Fill out the Self-Assessment Questionnaire (SAQ).
4. Fix every area that you answered 'NO' to on the SAQ.
5. Hire an Approved Scanning Vendor (ASV) to perform quarterly scans of any external (Internet-facing) networks. – All Levels
6. Fix and maintain any failed area of the scan, then rescan to confirm the fix.
7. Level 1 Only: Complete an annual on-site audit by a Qualified Security Assessor (QSA).
8. ** Continue to maintain the security of your networks and card information! Compliance is an ongoing state, not a one-time checkbox. **
Once you complete all of those requirements, and continue to maintain a secure network and business environment, you are PCI compliant. Note that the quarterly ASV scan in step 5 is only one of these requirements; passing a scan does not by itself make you compliant. Most of the details of PCI compliance can be found in the SAQ and on the PCI Security Standards Council website.
If you are a merchant that has been charged this PCI compliance fee, please give me a call to see if Merchant Services Brokers can help your business avoid it.
Phil Herrington “The Credit Card Guy”
Merchant Services Brokers