Posted by Michael Chichester, Payment Processing Team Leader
I was speaking with a Dydacomp client who is the owner of an automotive supply parts company this week about PCI compliance. He told me that he did not think PCI compliance applied to them because they are a “very small company” and “do not process credit cards on the internet.” They have 2 Mail Order Manager workstations and average 70 credit card transactions per month. Their average ticket is $100, so their average sales per month are $7,000. All orders are taken over the phone. It took some convincing, but he finally came around to realizing that PCI compliance does, in fact, apply to his business every bit as much as it applies to a giant like Walmart.
Unfortunately, I have had many conversations just like this one over the years. The simple fact of the matter is that even if a company only processes 1 credit card transaction per year, the PCI compliance regulations apply. Please remember, if you are not using M.O.M. 7, you ARE NOT PCI COMPLIANT! As John Healy wrote last week, the 7/1/10 deadline is fast approaching, so if you have not upgraded to M.O.M. 7 yet, you are quickly running out of time.
The PCI Security Standards Council has provided a great Top Ten Myths of PCI Compliance list that I think everyone should check out here: https://www.pcisecuritystandards.org/pdfs/pciscc_ten_common_myths.pdf.
This list should clear up a lot of the misconceptions that you had before you started reading this blog entry. I’ve been preaching for years that PCI Compliance is mainly common sense. It is really not that hard to become compliant, and we, along with Coalfire, will help you get through the process.