
The Importance of Being PCI Compliant

Casey Shull

As online transactions have become the norm, the shift from cash and checks to cards is no longer a shift at all, but a "remember when?" Nowadays, to appeal to as many customers as possible, you need to be able to take online payments or lose out on valuable business.

With any online transaction, there are a lot of moving parts that you need to be aware of as a business owner. The most important is whether you and the payment processing company you've chosen are following the Payment Card Industry (PCI) regulations.

What is PCI compliance?

PCI stands for Payment Card Industry. The full name of the standard is the Payment Card Industry Data Security Standard (PCI DSS). Essentially, it sets out how credit card transactions must be handled securely and the specific safeguards a business must have in place.

Without those safeguards, your customers are at risk of credit card fraud, identity theft, or stolen data. A security breach affecting even a single customer can erode customer loyalty and trust in your business and halt its growth.

To protect both business owners and customers, the PCI Security Standards Council enacted a set of requirements that all companies must follow if they're going to take online payments. The requirements govern how cardholder data is processed, stored, and transmitted.

Although you may only hear about cardholder data breaches at major corporations, they can happen to any business: small, mid-size, or large. That's exactly what the PCI compliance regulations are meant to prevent.

PCI compliance regulations are like onions–they have a lot of layers

To start off with, there are four different levels of PCI compliance. The four levels are:

  • Level 1: businesses that process more than 6 million card transactions per year
  • Level 2: businesses that process 1 to 6 million card transactions per year
  • Level 3: businesses that process 20K to 1 million card transactions per year
  • Level 4: businesses that process fewer than 20K card transactions per year

Along with the levels of PCI compliance, there are 12 distinct requirements that together make up the standard. They are:

  1. Install and maintain a firewall
  2. Change vendor-supplied default passwords and security settings
  3. Protect stored cardholder data
  4. Encrypt cardholder data when transmitting it over public networks
  5. Use and regularly update antivirus software
  6. Keep systems and applications patched and up to date
  7. Restrict access to cardholder data to a need-to-know basis
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to cardholder data in logs
  11. Regularly test security systems and processes
  12. Document all logs according to policies
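Requirements 3 and 10 are the two that most often trip up a small business's own code: card numbers end up in a database column or an application log "just for reference." The example below is added here for illustration; it is not Scorpion's code and not part of the PCI DSS. It keeps only the last four digits of a card number for storage or display, and scrubs any Luhn-valid card number out of a log line before the line is written, while leaving look-alike digit runs such as order IDs alone. The log lines and the order-ID value are constructed for the example; 4111 1111 1111 1111 is a widely used test number that belongs to no real card. That keeping only the last four digits is enough for your business is an assumption (the standard allows at most the first six and last four to be shown), and in practice a payment processor's token, not a masked number, is what you store in place of the full card number.

```python
import re

# Constructed sample log lines. The first contains a Luhn-valid test PAN,
# the second a 16-digit number that fails the Luhn check, the third a
# 14-digit order ID that also fails the check. Only the first should change.
SAMPLE_LOG_LINES = [
    "2024-05-01 invoice 1234 paid with card 4111111111111111 exp 12/26",
    "2024-05-01 invoice 1235 paid with card 4111 1111 1111 1112",
    "2024-05-01 invoice 1236 paid, order id 20240501123456",
]

# A run of 13 to 19 digits, optionally separated by single spaces or dashes.
# The word boundaries stop the pattern from matching inside longer numbers.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check that card PANs use."""
    total = 0
    for position, ch in enumerate(reversed(digits)):
        d = int(ch)
        if position % 2 == 1:      # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the last four digits of a PAN; every other digit becomes '*'.

    Separators (spaces, dashes) are dropped before masking, so the result is
    safe to store or display as a customer-facing reference.
    """
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def redact_pans(text: str) -> str:
    """Mask every Luhn-valid PAN in text; leave other digit runs untouched.

    The Luhn check is what keeps order IDs, timestamps and similar numbers
    from being mangled, so the log stays useful for troubleshooting.
    """
    def _replace(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group(0))
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)

    return PAN_PATTERN.sub(_replace, text)


def sanitize_log_lines(lines):
    """Apply redact_pans to each line; this is what a log handler would call
    before writing to disk or shipping to a log aggregator."""
    return [redact_pans(line) for line in lines]


if __name__ == "__main__":
    for before, after in zip(SAMPLE_LOG_LINES, sanitize_log_lines(SAMPLE_LOG_LINES)):
        print("before:", before)
        print("after: ", after)
```

The point of wiring `redact_pans` into the logging path rather than trusting every developer to remember it is that requirement 10 asks for logs of access to cardholder data, and those logs themselves must not become an unprotected copy of that data.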

Although it originates in EU law, the General Data Protection Regulation (GDPR) also reaches US businesses and needs to be considered. In a nutshell, the GDPR governs how businesses can use, store, and process personal data according to seven principles. You can read more about those principles and about the GDPR in general here. If your business is based in California, you also need to be aware of the guidelines set forth by the California Consumer Privacy Act, which you can find here.

We know, that’s a lot, right? The good news is Scorpion is here to help. Read on about how we make it easy to collect payments while following PCI compliance regulations.

Choosing a payment processing company

While PCI compliance isn't required by law, following the standard reduces your risk of data breaches, hefty fines, a ruined brand reputation, data theft, and issuing banks such as Visa or Mastercard refusing to allow your business to accept their cards as payment. Most businesses can't afford not to be compliant.

But wanting to be compliant doesn't make it easy. That's where payment processing companies come in. A payment processor handles the transaction between you and the buyer. Think of it as a type of mediator, you know, the one you wish you had during that particularly intense round of Monopoly.

Payment processors can come through a bank, an online provider such as Scorpion, or a specialized processing company like Stripe. Keep in mind that most processors charge fees, and you will also need to choose a payment gateway. The gateway is what connects your merchant account to the processor. If you choose a provider that combines the two, setup is easier and you avoid paying for two separate services.

How Scorpion can help

Scorpion takes your payment collection to the next level. Our Scorpion Payment system lets you send invoices, collect payments, and see your payment reports in one spot, so you always know what's outstanding. We also provide a payment gateway by integrating with digital wallets, and we lower your fees by eliminating monthly charges: you pay only a small processing fee when you use the service. And the best part? Scorpion's payment system follows PCI compliance regulations.

Ready to take your payment processing setup from huh to huzzah? Get started with Scorpion today for not only your payment needs but your entire marketing strategy.