Any business that accepts credit card or debit card payments via the Internet must meet the Payment Card Industry Data Security Standard (PCI DSS) in order to be in compliance with requirements by Visa and MasterCard, among others.
There are 12 basic security requisites that were developed by the Payment Card Industry Security Standards Council to ensure that organizations that process online transactions are protecting consumers from fraudulent activity. These standards are clearly defined and, though comprehensive, are shorter than those defined by the Information Security Management System standard ISO 27001, though some requisites overlap, therefore bringing ISO 27001 in compliance with PCI DSS.
A company only meets PCI DSS compliant standards when the risk of sensitive credit card or debit card data falling into the wrong hands becomes drastically reduced. PCI DSS compliant transactions must ensure that shopping on the Internet is safer and more secure so that it increases fraud protection, prevents theft or the unauthorized use of credit or debit card accounts, protects businesses, organizations and consumers from fraudulent activity and ensures that merchants, organizations and governmental entities are processing, transmitting and securing credit and debit card data.
In a recent E-business Benchmark Report, online businesses surveyed showed that about 33% of those processing transactions don’t know if they are PCI DSS compliant or not. While PCI DSS compliance does not guarantee 100% fraud or security breach protection, it does encourage organizations to put strict protocols in place around how they utilize customer data. Penalties for non-compliance with PCI DSS can include increased auditing for security compliance, non-compliance fines in undetermined amounts, or even the loss of processing privileges for credit card and debit card transactions.
In addition to PCI DSS non-compliance penalties, there is also always the risk of reputation damage should there be a security breach resulting in identity theft or financial losses at the consumer level.
PCI DSS levels are determined by two factors: Processing volume and individual processing methods.
There are four tiers, or levels, of PCI DSS compliance with Level 1 being the most secure, and meant for organizations that process the highest volume of transactions, then ranging down to Level 4, which is the lowest level of security; each tier or level is determined by the amount of monetary processing done by the organization as well as the types of transaction they process.
PCI DSS |
Level 1 |
Level 2 |
Level 3 |
Level 4 |
4 Tiers of Security |
Organizations processing $6 million + in transactions annually |
Organizations processing $1 million to $6 million in transactions annually |
Organizations processing $20,000 to $1 million in transactions annually |
Organizations processing Less than $20,000 in transactions annually |
Getting PCI DSS Compliance for a business can be expensive and time-consuming. However, many small businesses are able to process online transactions by utilizing the services of a third-party processor that is already PCI DSS Compliant.
3G Direct Pay has been serving product and service providers and their customers since 2006. By providing an open credit card processing platform, consumers have been able to process their purchases online by using a variety of different payment options including most major credit cards, debit cards and processors like PayPal, Airtel (mobile transfers), bank transfers and others.
In the interest of better serving their clients, 3G Direct Pay recently went through the process of becoming PCI DSS compliant, thereby enabling them to extend their service provision to more customers at higher volumes worldwide. 3G Direct Pay is now a Level 1 PCI DSS Compliant credit card, and debit card, processing platform provider.
Author
Eran Feinsteinis the founder of 3G Direct Pay Limited. 3G provides global e-commerce and online payments solutions for the travel and related industries He is a leading authority in the fields of e-commerce, travel and payments, having acquired extensive experience from various parts of the world.