Understanding PCI DSS Compliance
Serving your customers is about more than just offering great products and being responsive — it’s also about protecting their payment data. Merchants must meet PCI DSS compliance standards to help protect the security of their customers’ credit and debit card information.
Though meeting PCI DSS compliance standards can feel overwhelming, it doesn’t have to be. Here’s what you need to know about becoming PCI DSS compliant.
PCI compliance basics
The Payment Card Industry Data Security Standard (PCI DSS) — also known as PCI compliance — is the set of 12 security requirements mandated by the credit card networks. This standard applies to any business that processes, stores, or transmits credit card data, regardless of its size or location.
The 12 requirements set out the rules needed to meet the following obligations:
- All merchants must achieve and maintain PCI compliance at all times.
- Merchants may not store certain types of credit and debit card data at all, including the CVV2, CVC2, and CID security codes.
- Merchants must follow specific security standards when storing the card data they are allowed to keep, such as the cardholder name, card number, and expiration date.
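As an added illustration (not Braintree's code and not part of the original article), the JavaScript below shows how a merchant-side application could enforce the two storage rules just listed before a checkout payload is written to a database or a log: fields holding sensitive authentication data such as CVV2/CVC2/CID are dropped entirely, and any card number found, whether in a named field or pasted into free text, is masked to its first six and last four digits. The field-name lists, the sample payload, and the use of the well-known 4111 1111 1111 1111 test number are constructed for this example.

```javascript
// Added example: scrub a checkout payload so what the merchant keeps follows
// the PCI DSS storage rules described above. Not Braintree's code.

// Field names treated as sensitive authentication data (constructed list:
// card security codes, full track data and PIN data must never be retained).
const SENSITIVE_AUTH_FIELDS = new Set([
  "cvv", "cvv2", "cvc", "cvc2", "cid", "securitycode",
  "track1", "track2", "pin", "pinblock",
]);

// Field names that hold a primary account number (PAN); kept only masked.
const PAN_FIELDS = new Set(["number", "cardnumber", "pan", "creditcardnumber"]);

// Lower-case and strip punctuation so "card_number" and "cardNumber" match.
function normalizeKey(key) {
  return key.toLowerCase().replace(/[^a-z0-9]/g, "");
}

// Luhn check, used so that random long numbers (order ids) are not masked.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Mask a PAN to first six / last four digits. Outside the 13-19 digit PAN
// range the value cannot be masked safely, so it is redacted entirely.
function maskPan(pan) {
  const digits = String(pan).replace(/\D/g, "");
  if (digits.length < 13 || digits.length > 19) return "[REDACTED]";
  return digits.slice(0, 6) + "*".repeat(digits.length - 10) + digits.slice(-4);
}

// Walk the payload recursively: drop sensitive auth fields, mask PAN fields,
// and mask any Luhn-valid 13-19 digit run inside free-text strings (for
// example a card number typed into an "order notes" box). Returns the scrubbed
// copy plus the paths of dropped fields so the removal can be audited.
function scrubCardholderData(value, path = "", dropped = []) {
  if (Array.isArray(value)) {
    const data = value.map((v, i) => scrubCardholderData(v, `${path}[${i}]`, dropped).data);
    return { data, dropped };
  }
  if (value && typeof value === "object") {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      const nk = normalizeKey(key);
      const childPath = path ? `${path}.${key}` : key;
      if (SENSITIVE_AUTH_FIELDS.has(nk)) { dropped.push(childPath); continue; }
      if (PAN_FIELDS.has(nk)) { out[key] = maskPan(v); continue; }
      out[key] = scrubCardholderData(v, childPath, dropped).data;
    }
    return { data: out, dropped };
  }
  if (typeof value === "string") {
    const masked = value.replace(/\d(?:[ -]?\d){12,18}/g, (m) => {
      const digits = m.replace(/\D/g, "");
      return luhnValid(digits) ? maskPan(digits) : m;
    });
    return { data: masked, dropped };
  }
  return { data: value, dropped };
}

// Constructed sample of what a checkout form might post; the card number is
// the standard 4111... test value, not a real card.
const SAMPLE_CHECKOUT = {
  customer: { name: "Ada Example", email: "ada@example.com" },
  card: { number: "4111 1111 1111 1111", expirationDate: "12/2027", cvv: "123" },
  orderNotes: "Please bill 4111-1111-1111-1111 again next month",
  amount: "49.99",
};

console.log(JSON.stringify(scrubCardholderData(SAMPLE_CHECKOUT), null, 2));
```

Run with `node`, it prints the scrubbed payload with `card.cvv` gone and both occurrences of the card number reduced to `411111******1111`. Scrubbing what reaches your own storage is a complement to, not a substitute for, keeping full card data off your systems in the first place; masking is what PCI DSS allows for display and logs, while any full PAN a merchant does retain still falls under the standard's storage and encryption requirements.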
PCI compliance standards also require you to, at a minimum, complete an annual Self-Assessment Questionnaire (SAQ) to validate PCI DSS compliance. In certain cases, you may be required to take additional steps to validate PCI compliance. A merchant who fails to meet compliance standards will face penalties assessed by the card networks. In addition, the PCI-related fines for merchants who are non-compliant and suffer a data breach can be significant.
SAQ and QSA
The various types of SAQ forms available might bewilder anyone who doesn’t read PCI compliance rules for fun. However, processing with Braintree Direct gives you a leg up: we provide PCI compliance validation through our partner Qualified Security Assessor (QSA), SecurityMetrics. (Additional charges may apply when you hit Level 1 or Level 2 thresholds; inquire directly with SecurityMetrics for more information.) Having an expert guide you through the SAQ process can help you remain PCI compliant with minimal stress.
Braintree’s PCI-compliant offerings
In addition to helping you validate PCI compliance with assistance from SecurityMetrics, Braintree also offers options that will fit seamlessly into your checkout while helping streamline your PCI compliance validation:
- Hosted Fields: Payment fields on your checkout page must be securely hosted on the external payment gateway’s domain; Braintree’s customizable Hosted Fields do this while letting you match the look of your website.
- Drop-in UI: You can start accepting payments quickly and easily with Braintree’s Drop-in UI. It offers your customers a card entry form and buttons for mobile payments while maintaining your PCI compliance.
- Vault: Recurring payments require securely storing customer payment information, and customers who make repeat purchases may want to avoid re-entering their details with each purchase. Braintree’s gateway encrypts the information stored in the Braintree Vault and issues a unique payment method token for each stored payment method.
PCI compliance is good business
Achieving and maintaining PCI compliance may not be a public-facing part of your customer experience, but it’s crucial for building your customers’ trust and loyalty, as well as helping to protect your business from potential data breaches. Partnering with Braintree can help streamline the PCI compliance validation process, so you can put your focus where it belongs — on building your business and pleasing your customers.
Originally published at www.braintreepayments.com on May 17, 2017.