PCI Compliance for Startups

While no one wants to have to think about compliance when running an eCommerce site, small business owners must understand what PCI compliance is and how to remain on the right side of it. It can be a costly part of the job, no doubt, but it is more expensive if you ever become noncompliant. Think of it as a recurring expense, and make sure you put the requirements into your annual budget to avoid any surprises.

To start at the beginning, we’ll discuss how a business can make sure it is PCI compliant. A PCI compliant business is one that stores, processes and transmits credit card information in accordance with the Payment Card Industry Data Security Standard (PCI DSS). This industry group publishes its list of standards publicly.

While many people see PCI compliance as an annoying hassle, it’s worth looking at the positive outcomes that can result from remaining PCI compliant, including helping your company to mature and grow. Your company will show high value if it’s PCI compliant because having the certification means you’ve put time, energy and money into your risk management. This goes a long way when it comes to how other businesses view your company. 

So, how do you tell how much cash you need to set aside for PCI compliance each year? Here are a few factors to consider:

  • How many transactions your business processes: make sure you consider your different vendors, as each one has different requirements.
  • The type of business you are running: size, number of employees, retail vs corporate – these all play a part.
  • Number of employees: remember that as the number grows, so does the risk involved with each transaction. If you’re a large corporation, you’re going to be paying more for compliance.
  • Physical environment: location, onsite and offsite hardware, employees who are able to work from home or remotely – these all add up to significant risks that need to be assessed when looking at compliance costs.

The most important thing to remember is that noncompliance fees can be charged on a monthly basis, and they can quickly add up to much more than paying for PCI compliance up front. There are companies that specialize in PCI compliance, so consult one of them with any questions.