Wednesday, September 9, 2015

PCI Compliance Milestones and Meaning to You

 Honor Services Office - Secure Payments for Small Business

By: Stan Washington
Date: September 09, 2015

What does it mean to be PCI Compliant?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, this covers any merchant that has a Merchant ID (MID).

What are the penalties to small businesses for being non-compliant?

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.

It is important to be familiar with your merchant account agreement, which should outline your exposure.

What is PCI Audit Relief for EMV? (October 2015)

If more than 95% of a merchant's Visa transactions originate from Europay, MasterCard, Visa (EMV)-compliant POS terminals that support both contact and contactless transactions, the merchant may apply for relief from the audit requirement for PCI compliance (but is still mandated to be PCI compliant).

What happens on October 1, 2015?

The party that has made the investment in EMV deployment is protected from financial liability for card-present counterfeit fraud losses on this date. If neither or both parties are EMV compliant, the fraud liability remains the same as it is today. This date excludes automated fuel dispensers.

Fraud Liability Shift: The MasterCard liability hierarchy takes effect. The party that has made the investment in the most secure EMV options is protected from financial liability for card-present fraud losses for both counterfeit and lost, stolen and non-receipt fraud on this date.

Account Data Compromise Relief:  On this date, if at least 95% of MasterCard transactions originate from EMV-compliant POS terminals, the merchant is relieved of 100% of account data compromise penalties.


American Express
Fraud Liability Shift. American Express will institute a fraud liability shift policy that will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology.

Honor Services Office gets checked monthly on 300 or more points of compliance. Visit for safe payments.
