What is PCI compliance and do I need it?

What is it?

PCI Compliance is a requirement set forth by Visa and MasterCard under which everyone who has anything to do with the acceptance and/or transmission of electronic funds transfers must become PCI Compliant. This is governed by the PCI Security Standards Council.

Becoming PCI Compliant typically means filling out some forms that explain how you handle credit card information and paying a company to verify your answers and issue you a certificate.

Do you have to be PCI Compliant?

Technically, no. In fact, most payment processors will pay some lip service to your need to be PCI compliant but won't prevent you from using their services if you are not.

However, if you have a data breach and you are not compliant, then you may be liable for hundreds of thousands of dollars in fines.

How do we get certified?

The best place to start is with your payment processor. For example, if you use iATS, you are automatically assessed a $125 per year fee that pays for it. All you have to do is follow up and fill out the forms.

If you use a different payment processor, please ask them how to become PCI compliant.