Many companies want to make paying their invoices as easy as possible for their customers and clients, so allowing them to pay via credit card seems like a no-brainer. But what you may not realize is that processing – or even handling or storing – credit card information comes with a set of legal requirements.
This is where the Payment Card Industry Data Security Standard (PCI DSS) comes in. The idea behind PCI DSS is to ensure that companies create and maintain a secure environment for credit card processing. What many don’t realize, though, is that those who do not follow these guidelines can incur serious fines and fees.
Think you aren’t subject to these requirements because you only take a few credit card payments each year, or only take them over the phone? You are. In fact, you are breaking the law if an employee writes down a credit card number on a piece of paper or (God forbid!) sends an email containing credit card information. If you are caught, you will not only have to deal with legal fees and fines, but you also must inform ALL your clients that you weren’t properly storing or handling their credit cards, even those who have never paid you in this way.
While there are different levels of security requirements, getting compliant isn’t a simple matter of completing a checklist. It requires an evaluation of your environment by a PCI-certified assessor. The PCI Security Standards Council website offers a great deal of information about the requirements and the inspection process, including approved credit card processing options to consider if you decide to use one of those instead of taking direct credit card payments.
We always encourage our clients to do everything they can to ensure their information is protected from the bad guys and wanted to make sure you were aware of these requirements. If you need help evaluating the security of your network and systems, reach out to us and we will be happy to help.