Many artists are confused about PCI compliance, and there have been discussions about what different merchant service companies are charging. I asked the folks at Teamac to clear things up for us in this guest post. Thanks!
by Jennifer Hinkle
The artist community is facing a changing landscape. With decreasing sales, lower price points, and the higher cost of traveling to shows, many artists must decide if they can stay in business.
Any artist who accepts credit cards will also have to factor in PCI (Payment Card Industry) DSS (Data Security Standards) compliance, which MasterCard and Visa are mandating that all merchants comply with in 2010. MasterCard and Visa established the compliancy standards to improve the security of credit card holder information.
This is a necessary new cost for EVERY artist accepting credit cards because of the increased credit card fraud and data security breaches recently occurring at such recognizable names as Heartland Payment Systems, Batteries.com, and Forever 21.
The most important thing to know about the compliancy program your processor offers is whether you are receiving a valuable service for the increased cost. If you are now paying for it, how does it benefit you?
Unfortunately, for far too many credit card processors it’s a cash cow: just another way to make money off the artist, and not a business tool.
What will a worthwhile PCI Compliancy program look like?
Programs will vary depending on what your credit card processor chooses to do. Without a doubt, though, you should receive literature from your credit card processor OR from a third-party vendor they have contracted with to administer the PCI Compliancy program on their behalf. This may come in many forms (email, fax, statement messages, and snail mail), so you might have to look for it!
The nuts & bolts of a program are:
1. Questionnaire – you need to fill out a questionnaire about the way you process (store, transmit, take orders, etc.) credit cards. Your answers to the questionnaire will then determine if you require a monthly scan on your computer. FYI – all businesses that have an outward-facing IP address will be required to have a monthly scan.
2. Upon completion you should receive a proof of compliancy certificate – very important! – store this document in a safe place.
3. Your compliancy will need to be submitted to MasterCard/Visa – you should clearly know if you are required to follow up or if your processor is doing it for you.
4. Your business will be required to maintain compliancy through the duration of the business accepting credit cards.
I can’t stress enough that PCI is not a once-and-done deal. PCI is a part of your future indefinitely, so being educated about it is the best way to make well-informed choices for your business.
Non-compliancy means fines for both you and your credit card processor – find out specifics!
Questions to ask your credit card processor about PCI:
1. Is my current service/terminal PCI compliant?
2. How much will it cost me? Monthly fees – yearly fees
3. Am I already being charged for compliancy?
4. What is the timeline for me to become compliant?
5. Are there non-compliancy fines assessed? When & how? By whom?
6. If I have questions about PCI who can I call at this company?
As you get the answers to these questions you will have to decide if you want to continue accepting credit cards as payment from your customers – ultimately, whether or not PCI compliancy is a feasible cost of doing business.
When weighing the options, keep in mind the ultimate goal of PCI is to reduce the risk of threat to your business via credit card theft. If your customer knows their credit card information is safe with your company, they will in turn stay loyal and continue the relationship.
Accomplishing this goal may mean you as the artist will have to hold your credit card processor accountable for providing you an authentic compliancy program.
Jennifer Hinkle is Director of Operations at TeaMac, Inc.
Additional Resource: PCI Security Standards Council website https://www.pcisecuritystandards.org – offers lots of information, but may confuse you too! Be advised!