PCI (Payment Card Industry) compliance applies to all organizations and merchants regardless of size or number of transactions. In place since 2005, it is intended to protect cardholder data from theft and fraud. You can view the standards here. One card provider, Visa, categorizes merchants into four levels based on transaction volume over a 12-month period.
- Merchant Level 1 – processing over $6m/year
- Merchant Level 2 – processing $1–6 million/year
- Merchant Level 3 – processing 20,000 to 1 million/year
- Merchant Level 4 – processing fewer than 20,000 e-commerce transactions per year and up to $1m/year
Any merchant that has been breached and had account data compromised may be escalated to a higher validation level.
The best way to protect yourself is to not store any cardholder data.
Questions you need to ask your hosting provider:
- When do I need to file?
- What forms do I need to fill in?
- Will you send me reminders?
- What information do you provide me?
The fines for non-compliance or confirmed security breaches vary according to the payment card provider. Fines are hefty and best avoided. For more information, read the PCI-DSS comprehensive guide.