You’ve probably heard the term “PCI compliance.” You may even be PCI compliant. But what does that really mean? Does your association HAVE to comply, or is it more of a security recommendation?
Today, we’re going over the basics - what PCI is, why it exists, and whether or not you really need it (plus fees you might encounter along the way).
Take a look!
What is PCI?
PCI refers to a set of security requirements created by the major credit card brands that governs how you handle, transmit, and store cardholder data. The scope of PCI applies to any debit, credit, and/or prepaid card branded American Express, Discover, JCB, MasterCard, and/or VISA.
Why does PCI exist?
The PCI standard was created to increase controls around cardholder data to reduce credit card fraud. (So even though it might seem complicated, it’s actually a good thing!)
Does my association need to comply?
According to the credit card companies, PCI compliance is necessary if your organization “stores, processes and/or transmits cardholder data.” In a nutshell, if your nonprofit accepts credit card payments, you need to comply.
Requirements for compliance, however, vary widely depending on the types of processing you do and the volume of credit card transactions you process. Merchants fall into one of four levels. Most nonprofits fall into the lowest processing volume category (Level 4, with fewer than 20,000 Visa/MasterCard transactions per year). At that level, the primary requirement is completion of a PCI self-assessment questionnaire, along with a mandate to use Payment Application Data Security Standard (PA-DSS) compliant payment applications.
What are PCI fees? Do I need to pay them?
PCI fees range from $99 to $149 per year. Fees fall into two categories:
- Fees to provide no compliance support (What?!)
- Fees for compliance assistance and scanning (Ok, now that makes a lot more sense.)
Only pay this fee if your processor is actually assisting you in completing your self-assessment questionnaire or is including some kind of insurance for a breach. If they’re providing no support and no insurance, this is a junk fee. (Beware!)
Note: Monthly non-compliance fees will apply if you’re not compliant.
We get it. PCI compliance and other security procedures can often seem complicated and overwhelming. But that’s why it’s important to partner with a technology provider that has your best interests (and security) at heart.
In fact, when choosing a provider (an AMS provider, in particular), there are several questions, beyond features, that you’ll want to ask. Check out our free guide below for six questions in particular!