PCI compliance covers a lot more of your business than your website. If you take credit card numbers over the phone, carry out face-to-face transactions, or store records containing card numbers, none of that involves your website, yet your business still has to meet the PCI requirements. So does every business that handles cards need to be PCI compliant? The short answer is yes. This article answers the questions that most often trouble merchants about the PCI requirements.
Should I Be Worried About PCI Compliance?
Any business that accepts credit card payments from customers must be PCI compliant, even if it is paid by card only once a year; the number of transactions does not matter. This holds even when your website hands payment off to a third-party service such as PayPal or Google Checkout: it is your business, not your website, that is accepting payment by card, so the responsibility stays with you. Outsourcing the payment page does, however, shrink what you have to validate (a site whose card handling is fully outsourced can usually use the shortest self-assessment questionnaire, SAQ A), so it is still worth doing.
What Will Happen If I Am Not PCI Compliant?
If your business does not meet the PCI requirements and your site is breached, the card brands impose fines on your business (passed down through your acquiring bank) that typically range from $5,000 to $500,000. The fines are only the first consequence of non-compliance; other damage to the business follows soon after.
Terminated Merchant File
If your business is not PCI compliant, you may lose your merchant account, which means you can no longer take credit card payments at all. On top of that, you will be placed in the Terminated Merchant File (TMF) used by MasterCard/Visa acquirers, which makes you ineligible for another merchant account for at least a couple of years (MATCH listings are kept for five). The TMF is in effect a BLACKLIST of merchants, and getting your name removed from it is nearly impossible.
The Terminated Merchant File is also known as the MATCH list (Member Alert to Control High-risk Merchants). Once a merchant is added, the record holds his name, the name of the business, and the home and business addresses. So it is no use applying again in the name of a family member or business partner: according to the documentation on file it will be treated as the same business at the same location, which is already blacklisted.
Cardholder Data Environment
Requirement 1 of the PCI DSS calls for a firewall configuration that prohibits direct public access between the Internet and any system component in the cardholder data environment. Which systems does that cover? For a typical e-commerce site, all of them: the cardholder data environment takes in the whole of your website, the servers behind it and the database. The database should run on its own dedicated server in an internal network segment, separated from the Internet-facing web tier, so that it can be reached only from the web server, with administrative access coming in over a VPN rather than from the public Internet.
Even if your database does not store cardholder data, it still serves content to the site that collects and transmits cardholder information, and that is why it is part of the cardholder data environment.
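The rule above ("no direct public access to any CDE system; the database reachable only from the web tier; admin only over VPN") is easy to state and easy to get wrong in a real ruleset. The following is an added example, not code from the original article: a small first-match ruleset auditor that checks a proposed firewall policy against those constraints. The network (a public client, a DMZ web server, an internal database, a VPN range), the `Rule` format, the `audit` function and both rulesets are constructed for illustration; the weak ruleset shows the common mistake of opening the database and SSH to the world, the hardened one the segmentation the text describes.

```python
"""Audit a firewall ruleset for direct public access to the cardholder
data environment (PCI DSS Requirement 1). Constructed example, not the
article's own code; hosts, CIDRs and rule format are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One rule: source CIDR, destination CIDR, TCP port (None = any), action."""
    src: str
    dst: str
    port: Optional[int]
    action: str  # "allow" or "deny"


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, port: int) -> str:
    """First-match evaluation with an implicit final deny, the way an
    iptables/nftables chain with a DROP policy behaves."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst) and r.port in (None, port):
            return r.action
    return "deny"


# Constructed sample network: a public client, the DMZ web server,
# the database on an internal CDE segment, and a VPN-connected admin.
HOSTS = {
    "internet": "203.0.113.10",
    "web": "192.0.2.10",
    "db": "10.0.1.20",
    "vpn": "10.0.9.5",
}

# Flows that must be blocked (no direct public access to any CDE system)
# and flows the site still needs in order to function.
MUST_DENY = [("internet", "db", 5432), ("internet", "db", 22), ("internet", "web", 22)]
MUST_ALLOW = [("internet", "web", 443), ("web", "db", 5432), ("vpn", "db", 22), ("vpn", "web", 22)]


def audit(rules: List[Rule]) -> List[str]:
    """Return one finding per violated constraint; empty list means clean."""
    findings = []
    for src, dst, port in MUST_DENY:
        if evaluate(rules, HOSTS[src], HOSTS[dst], port) == "allow":
            findings.append(f"{src} -> {dst}:{port} is reachable but must be blocked")
    for src, dst, port in MUST_ALLOW:
        if evaluate(rules, HOSTS[src], HOSTS[dst], port) != "allow":
            findings.append(f"{src} -> {dst}:{port} is blocked but is required")
    return findings


# Weak ruleset: the database was opened to the world "so the site works",
# and SSH is accepted from anywhere on every host.
WEAK_RULES = [
    Rule("0.0.0.0/0", "192.0.2.10/32", 443, "allow"),
    Rule("0.0.0.0/0", "10.0.1.20/32", 5432, "allow"),
    Rule("0.0.0.0/0", "0.0.0.0/0", 22, "allow"),
]

# Hardened ruleset: public traffic reaches only the DMZ web tier on 443;
# the database accepts connections only from the web server; admin
# access to both hosts comes only from the VPN range.
HARDENED_RULES = [
    Rule("0.0.0.0/0", "192.0.2.10/32", 443, "allow"),
    Rule("192.0.2.10/32", "10.0.1.20/32", 5432, "allow"),
    Rule("10.0.9.0/24", "10.0.1.20/32", 22, "allow"),
    Rule("10.0.9.0/24", "192.0.2.10/32", 22, "allow"),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules) or ["no findings"])
```

Running it reports three findings for the weak ruleset (database and SSH reachable from the Internet) and none for the hardened one. The same approach scales to a real ruleset export: keep `MUST_DENY` as the list of CDE hosts and ports that must never be reachable from untrusted ranges, and run the audit whenever a rule changes.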