
Is Your Business PCI-Compliant? Here’s Why It Matters

December 8, 2014

If your business isn’t PCI-compliant and a hacker gains access to your customers’ credit card information, you could incur serious penalties.

To ensure the safety of their customers’ confidential payment information, representatives of major credit card groups came together in 2006 and created the Payment Card Industry Security Standards Council (PCI SSC). This group is charged with the task of creating security protocols businesses are encouraged to follow in order to protect the privacy of confidential payment information.

While federal law doesn’t require businesses to follow the PCI Data Security Standards (DSS), should data breaches occur and private customer information be compromised, non-compliant companies could face severe penalties. At best, punishments range from monthly fines of $5,000 to $100,000. At worst, businesses could lose their merchant accounts altogether, thus being unable to process credit card transactions in the future.

In 2003, American merchants processed 15.2 billion credit card transactions. By 2012, that number grew to 23.8 billion. The world is becoming increasingly digitalized, and with smartphone and tablet adoption rates escalating, we can assume even more credit card transactions will be processed in the future thanks to the rise of mobile commerce.

Since that’s the case, businesses that can’t process credit card transactions will struggle to exist. And over time, they’ll almost certainly become irrelevant.

That’s why it’s imperative you make sure your business is PCI-compliant. If you’re not right now, rest assured you’re not alone: Believe it or not, as many as 67 percent of businesses aren’t in compliance with the current security standards.

But on Jan. 1, 2015, the newest iteration of the rules, PCI 3.0, goes into effect. So even if your business operates in accordance with the current standards, you’ve got to make sure you’ll be compliant with the coming changes.

The new rules can be read in their entirety here. Some highlights:

  • Your firewall needs to be turned on at all times, and you’ll have to have a good reason if you ever take it down.
  • Employees can’t keep using vendor-provided default passwords. They’ve got to set their own.
  • Anti-malware and anti-virus software needs to be active at all times. It also needs to be patched and updated regularly.
  • To make sure your cardholder data can’t be tampered with, you need to take measures to restrict physical access to it.
  • Your systems need to be tested regularly to ensure compliance.

Have you taken steps to make sure your business is in compliance with the soon-to-be PCI standards? If you have any questions, please contact us. We are more than happy to help you make sure your cardholder data is secure and your business is protected.
