Setting up an online presence has many advantages for small businesses, such as expanding your market and attracting new customers, which can lead to increased sales. But, as the U.S. Small Business Administration (SBA) points out, doing business online comes with additional legal and financial considerations, especially in the areas of privacy and security.
The SBA notes that “rules and regulations for conducting eCommerce apply mainly to online retailers and other businesses that perform consumer transactions by collecting customer data”, and that includes data collected during credit card processing.
Being Compliant With Regulations
It’s crucial to understand and follow the rules and regulations designed to protect customers from identity theft and other fraudulent uses of personal information. This is known as being PCI compliant, and it’s important because it protects both merchant and customer. The merchant service provider that administers your merchant account should be able to answer your compliance questions.
PCI compliance is shorthand for being compliant with the Payment Card Industry Data Security Standard (PCI DSS), which lays down requirements to ensure that all merchants who process, store or transmit credit card information do so in a secure transaction environment. The standards are administered by an independent body called the Payment Card Industry Security Standards Council (PCI SSC), established by the five major payment card brands (Visa, MasterCard, American Express, Discover and JCB International).
- PCI compliance is required of all merchants who accept and process credit, debit and/or prepaid cards branded with the logos of the above-mentioned five participating companies.
- It’s important to note that merchants must ensure that they are PCI compliant even if they use a merchant services provider to process credit cards. PCI guidelines define a service provider as a third party that stores, processes or transmits cardholder data on behalf of another entity, such as a merchant.
- Using a service provider may help reduce a merchant’s risk of exposure to fraud, and it can make it easier to validate compliance; however, it does not relieve the merchant of his or her PCI compliance obligation.
Data Security for Your eCommerce Business
Data security should always be a top priority for your eCommerce business, not only to keep cardholder and merchant information safe but also to avoid the numerous direct and indirect penalties associated with non-compliance.
- For example, issuing banks and credit card processors can be hit with fines of up to $500,000 for PCI compliance violations, and these fines typically get passed along to individual merchants through increased transaction fees.
Perhaps of even greater consequence, non-compliant merchants found at fault for a data security breach end up paying hefty fines and footing the bill for expensive forensic audits and credit card replacement costs. They can also lose their merchant account – and with it their ability to accept credit cards – which can result in major damage to their credibility, reputation and customer loyalty.
- Before setting up an eCommerce business, consult with your merchant services provider about establishing the right merchant account for credit card processing on the Internet – and ask for a full explanation of PCI compliance and its ramifications for your business.