For some time, we and others have been alerting client businesses to their need to be “PCI compliant.” That means conforming to the new Payment Card Industry Data Security Standard (PCI-DSS). PCI compliance is meant to ensure transaction security for consumers who use credit cards to make purchases. The seller in the transaction is required to ensure that they are ‘compliant’ with the new standards regarding storage, transmission and processing of credit card data. As an alternative, they have the option of ‘offloading’ that responsibility to one of the larger third-party credit card solution providers.
Sage Payment Solutions provides one of the better solutions we’ve seen, one that integrates with some of the products we sell [disclaimer: we represent various Sage Software solutions, including SPS]. Sage Payment Solutions, when implemented as all or part of a business’s credit card processing solution, provides a safe, secure and modestly priced answer to the complexity that PCI compliance brings.
And with non-compliance fines starting at over one hundred thousand dollars for vendors, there’s plenty of incentive to ensure you’re doing this right. Basically, if you’re a small business, you don’t want to be storing or otherwise holding your customers’ credit card numbers for transactions. SPS provides a way out of that liability.
Part of the SPS solution, Sage Vault, handles the storing of credit card data securely. Secure payment processing is offered through Sage Exchange. In a sample illustration, a new user can open an account with your business and you can take all the information up to the choice of paying by credit card. If a credit card option is invoked, a new window hosted by Sage might pop open. The user keys in the credit card information, and a token is generated by Sage to stand in place of that credit card data.
By outsourcing the credit card component, a business can wash its hands of what could otherwise be a highly expensive compliance audit, not to mention the aforementioned fines for failure to comply.
If you’re still accepting credit cards the old-fashioned way – without using a secure transmission, and/or while storing your customers’ credit card data – you need to act soon. PCI-DSS standards have already been implemented.
If you have questions, one good source we found is the PCI Compliance Guide, which is filled with the most common FAQs. If you’re not already compliant, contact your software provider ASAP to learn how to get compliant – for your own and your customers’ safety.