The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

PCI DSS is maintained by the PCI Security Standards Council, which was founded by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). Enforcement is done by the card brands and acquiring banks through their contracts, not by the Council. It is not a law, but non-compliance carries contractual penalties. The Council publishes Self-Assessment Questionnaires (SAQs) that let smaller merchants evaluate their own compliance.

If you accept, process, store, or transmit credit card information, you must comply with PCI DSS. The risk of not being compliant can be significant for a business. The payment brands may fine the acquiring bank $5,000 to $100,000 per month for violations, and the bank will pass those costs on: it may terminate your merchant account or increase your transaction fees. This can be catastrophic to a small business. In addition, if a breach occurs in which credit card information is stolen or leaked, merchants may be subject to fines, card replacement costs, costly forensic audits, and so on.

The same rules apply in the US and Canada, and in fact worldwide, since the standard is maintained by a global council in cooperation with the major credit card brands.

Cardholder Data (CHD), as PCI DSS defines it, includes the following Personally Identifiable Information (PII):

  1. The full Primary Account Number (PAN)
  2. Cardholder Name
  3. Expiration Date
  4. CVV2 or CVC2 security code (strictly, PCI DSS classes this as Sensitive Authentication Data rather than cardholder data: it may never be stored after authorization, even encrypted)

LuminFire can help you to become compliant with your custom FileMaker or WordPress web solution. Here are the steps required:

  1. Assess – Identify the locations of cardholder data and analyze for vulnerabilities that could expose the cardholder data.
  2. Repair – Fix identified vulnerabilities.
  3. Report – Document the assessment and the steps taken to secure the data. Submit the required compliance reports (the SAQ or a Report on Compliance, plus an Attestation of Compliance) to your acquiring bank and the card brands you do business with.

We will work with you to remove cardholder data from your solution entirely and use processor-hosted customer profiles or tokens instead, so that you can charge credit cards without ever storing the PAN. Keeping the PAN out of your own systems also shrinks the scope of your PCI assessment, although it does not remove the obligation to complete an SAQ. We have fmFlare, Stripe, PayPal, Authorize.net, and many other tools at our disposal to assist with compliance.
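The Assess and Repair steps above, and the tokenization approach just described, look like this in practice. The following is an added example, not LuminFire code and not any processor's API: it scans constructed sample records (standing in for fields in a FileMaker or WordPress database) for PAN-like values, then replaces each PAN with a token and deletes the CVV2 field outright. `TokenVault` is a local stand-in for the tokenization service a real processor such as Stripe or Authorize.net provides; the field names, the `tok_` token format and the sample data are assumptions for the example.

```python
"""Find stray PANs in a data store and replace them with processor tokens.

Added example, not LuminFire code. TokenVault is a local stand-in for the
tokenization service a real processor (Stripe, Authorize.net, ...) provides;
once the merchant holds a token it never needs to see the PAN again.
"""
import re
import secrets

# Constructed sample records standing in for fields in a FileMaker or
# WordPress database. The PANs are the publicly documented test numbers.
SAMPLE_RECORDS = {
    "customers::card_number": "4111 1111 1111 1111",
    "customers::cvv2": "123",
    "customers::phone": "612-555-0147",
    "orders::notes": "Card 3782-822463-10005 declined; order #1234567890123456 re-run.",
}

# Fields holding Sensitive Authentication Data (CVV2/CVC2, track data, PIN
# blocks). These are deleted, not tokenized: PCI DSS forbids storing them
# after authorization.
SAD_FIELDS = {"customers::cvv2"}

# 13-19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; every card brand's PAN satisfies it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the digit-only PANs found in text. The Luhn filter removes most
    order and tracking numbers, but a human still reviews what comes back."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def scan_records(records: dict[str, str]) -> dict[str, list[str]]:
    """Assess step: map each field name to the PANs it contains."""
    hits = {}
    for field, text in records.items():
        pans = find_pans(text)
        if pans:
            hits[field] = pans
    return hits


class TokenVault:
    """Stand-in for a processor's tokenization service. Assumption: in
    production the PAN-to-token mapping lives with the processor, not here."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("not a PAN")
        # Letters only, so a token can never look like a PAN to a scanner.
        token = "tok_" + "".join(secrets.choice("abcdefghijkmnpqrstuvwxyz") for _ in range(20))
        self._pan_by_token[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        """The merchant charges by token; the PAN is resolved only in the vault."""
        pan = self._pan_by_token[token]
        return {"ok": True, "amount_cents": amount_cents, "last4": pan[-4:]}


def remediate(records: dict[str, str], vault: TokenVault) -> dict[str, str]:
    """Repair step: drop SAD fields, replace every PAN with a token plus last4."""

    def swap(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # not a PAN (e.g. an order number); leave it
        return f"{vault.tokenize(digits)} (****{digits[-4:]})"

    cleaned = {}
    for field, text in records.items():
        if field in SAD_FIELDS:
            continue
        cleaned[field] = PAN_CANDIDATE.sub(swap, text)
    return cleaned


if __name__ == "__main__":
    vault = TokenVault()
    print("before:", scan_records(SAMPLE_RECORDS))
    cleaned = remediate(SAMPLE_RECORDS, vault)
    print("after:", scan_records(cleaned))
    token = cleaned["customers::card_number"].split()[0]
    print(vault.charge(token, 1999))
```

Run as-is, the scan flags the card-number field and the PAN that a staff member pasted into an order note, while the 16-digit order number is left alone because it fails the Luhn check. After remediation the store holds only tokens, last-four digits and no CVV2, and a second scan comes back empty. Free-text fields such as notes and e-mail bodies are where PANs most often hide, so they belong in the assessment alongside the obvious card columns.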

Contact us if you need assistance. Let’s talk about building a solution together.


Also published on Medium.