It’s virtually unheard of for businesses to not accept credit cards. Unfortunately, there are situations where businesses that once accepted credit cards are no longer permitted to. There can be a number of reasons for this, but one of the most common reasons is a business not being PCI compliant.
What is PCI?
PCI stands for the Payment Card Industry, which is a council run by major credit card companies like Visa, MasterCard, American Express, Discover, and JCB International. This council sets the standards for security with regard to credit card transactions, and each business that accepts credit card payments must be compliant with these standards. The need for these standards has never been greater, with fraudulent online and retail purchases on the rise. In addition, meeting these standards can avoid many hassles when fraudulent charges are made.
To enable businesses to comply, the council developed the PCI SAQ. This is the Payment Card Industry Self-Assessment Questionnaire. Completing this questionnaire is mandatory in order for a business to accept credit card payments. There are also significant repercussions if a business tries to accept credit card payments without completing this mandatory questionnaire.
PCI SAQ: What Questionnaire is Needed
The real question business owners have is which PCI SAQ they need. The self-assessment questionnaire is broken down into categories. Each questionnaire is customized to a particular type of business. For example, there are questionnaires for strictly e-commerce businesses. There is another questionnaire for brick-and-mortar businesses only. In all, there are 8 different questionnaires, each corresponding to a different type of business. As to which questionnaire is right for a particular business, a business owner can reach out to the PCI council via their website to get more information. Then they are able to begin the PCI compliance process.
Once a business knows which questionnaire it has to complete, it’s time to determine what certification level the business will qualify for. PCI certification breaks businesses down into four separate levels.
- Level 4 is for businesses that process fewer than 20,000 e-commerce transactions and fewer than 1 million standard transactions.
- Level 3 is for mid-sized companies that have anywhere from 20,000 to 1 million credit card transactions in a given year.
- Level 2 is for businesses that have 1 million to 6 million transactions per year.
- Level 1 is reserved for the large retailers that have over 6 million transactions per year.
Failure to be in Compliance
It’s also important to understand that this certification needs to be renewed every year. Accepting credit card payments without PCI certification, or continuing to accept them without renewing PCI certification every year, can lead to the loss of a credit card merchant account. This means a business cannot accept credit cards.
Letting PCI compliance run out can also result in fines ranging from $5,000 to as much as $500,000. It will also put the business on a terminated credit card vendor list. This essentially blacklists a company from being able to accept credit card payments for several years.
If you’re starting a business and you want to accept credit card payments, it’s important to know which PCI SAQ you need and, once you find out, to get the right PCI certification. The questionnaires have been known to be a bit tedious, and the certification will have to be renewed each year.
However, to avoid fines and having your business blacklisted by credit card companies, and to provide customers with a safe environment to make credit card payments, this sort of certification shouldn’t be marginalized.