Is your business PCI compliant? Do you know it means to be PCI compliant?
If like most businesses, you are trying to attract customer and payments via your website, there are a number of banking standards and requirements that you need to adhere to if you want your bank or card services provider to be satisfied.
PCI standards explained
Payment Card Industry (PCI) standards have been designed to protect both the seller and the buyer and provide a framework for ensuring that payments by credit or debit card can be taken safely and securely.
Your website will be subjected to compliancy checks in order to ensure that you meet the required standards and that the bank is satisfied that the way you have set up your payment processing online is PCI compliant.
Achieving compliance
When you apply for a direct merchant account to be able to take payments through a service such as http://www.merchantservicesuk.co.uk, one of the first requirements will be that the website you state on your application is the one being used, and that customers are not redirected to another site when they come to make payment, as this is not allowed.
Customer support details
You should also ensure that you display customer support information clearly on the website so that a customer has a clearly identifiable way of finding information on how you provide support if they need it, at all stages of the payment process and afterwards.
Good practice would be to display a customer service telephone number in as many prominent places as possible on your website.
Consistent branding
Your website branding needs to be consistent with what you are selling and should not be misleading in any way. PCI compliance would also require that the branding of your website is in keeping with the type merchant account you are applying for.
Secure site
When you are collecting sensitive and personal information from your customers, this needs to be protected by diverting to a secure site (HTTPS://) for completion of the purchase.
Logos
Card scheme rules insist that the VISA/MasterCard logos are displayed and located on the website where purchases can be made. You can get these logos from the company operating the card processing service.
Collecting contact information
Preventing fraudulent purchases on your website is something that you would want to try and do anyway, and as part of that process, you will need to collect their address details as well as landline and mobile telephone number information.
Privacy policy
You should also display your privacy policy on the website, which should describe how you intend to store and access the information provided by customers. You can find some suitable templates online for guidance on wording and content.
Refund policy
You should also have a clearly defined refund policy on your website that is easily available to find on your website.
Descriptor
The descriptor is what appears on the purchaser’s bank or card statement and helps them to identify who has taken the payment from them.
If you have a Limited company name that is different to the trading name, this would be a good example of why you need to tell your customers what name will appear on the card transaction, so they know what it is and you can avoid unnecessary chargebacks for disputed transactions.
Most of the requirements for PCI compliance are common sense anyway, but making sure you tick all the right boxes will help to impress any banking service.
Carl Robinson has served his customers with care for two decades now. When he’s not busy at his business, he’s sharing his insights online. Look for his eye-opening articles on various Internet blog sites.