News Feature | December 16, 2015

Misconceptions Your Merchant Clients May Have About PCI Compliance


By Christine Kern, contributing writer


An infographic from TransFirst highlights some of the common misconceptions retailers have about PCI compliance. This information provides insights that can help VARs better understand and serve their merchant clients.

All merchants that accept credit cards must meet Payment Card Industry Data Security Standard (PCI DSS) requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. It’s also important to recognize that PCI compliance is an ongoing process, and merchants must constantly strive to maintain it.

One place where confusion remains is the recent liability shift connected to the introduction of EMV chip and PIN technology. Randy Davidson, senior retail industry analyst at Tectura, a provider of business consulting services, explains that some merchants may think EMV will replace PCI compliance. “It doesn’t change the PCI requirement, and although they’re coupled together in some capacity, PCI compliance deals with the storage of credit card data or how it’s handled from an infrastructure security perspective. The chip and PIN technology adds just that additional level of security at the time of processing,” he says.

Another misconception is that PCI compliance relates only to the point of sale (POS) software itself; the requirements actually extend beyond the software, and beyond hardware as well, to the policies and procedures that need to be implemented.

Your merchant IT clients could also be confused about compliance related to payment processing in the cloud. Some believe that hosting their credit application somewhere other than on their own servers reduces the risk or the requirement for PCI. This is not the case, because even if the application is hosted offsite, it remains accessible from the merchant’s network.

To access the infographic from TransFirst, visit http://www.transfirst.com/resources/infographics/retailer-misconceptions-about-pci-compliance.