What is PCI Compliance?
Every year businesses up and down the country receive an Amazonian-sized booklet through their door. This booklet is filled to the brim with jargon that can’t be explained with a quick Google search. And once readers get past the dizziness of words, they are bombarded with questions, questions designed to catch people out. This booklet is the PCI-DSS (Payment Card Industry Data Security Standard) questionnaire. With all this confusion, it is no wonder that 80% of businesses in the UK aren’t PCI compliant.
Despite its low uptake, PCI compliance is one of the most important aspects of running a business that receives card payments. PCI compliance ensures that the customer’s personal information is protected. It is an overarching framework that backs up the mantra “the customer comes first”. If a business demonstrates its ability to keep its customers safe, it will also build up a solid support base. In addition, PCI compliance is essential for businesses taking “customer not present” orders (CNP, i.e. mail order and telephone order).
When a business is not PCI compliant, you would expect them to lose customer trust. Customers do not want to be in a position where their personal data is compromised. This is especially true when it comes to concerns about banking.
It is not just the loss of customer support that could punish a non-compliant business. Some businesses might incur a fine of £25 per month. This fine adds up over time: if a business isn’t careful, it could be paying £300 a year unnecessarily.
The reason I say “unnecessarily” is that many businesses are already PCI compliant. Most businesses store their customers’ records safely and securely. The reason so many businesses aren’t PCI compliant is the above-mentioned questionnaire. The questionnaire is deliberately designed to deceive businesses: it makes them think that they aren’t PCI compliant when they are.