PCI Compliance

Ensuring uniform protection of cardholder data

The Payment Card Industry (PCI) Data Security Standards (DSS) is a set of policies and procedures that must be adhered to by businesses that accept credit or debit cards for payment. Designed to ensure uniform protection of cardholder data, PCI DSS governs a variety of areas in which to safeguard data, including:

•   Your office or practice location
•   All computers, including laptops and mobile devices
•  Employee training and access
•  Documented policies
•   Security services

While PCI DSS sets a baseline for security, it is not a one-stop solution. Rather, security assurance is an ongoing process that can require annual, or even quarterly, testing and reporting.

Many payment processors assess heavy fines or penalties to business customers that fail to prove that they meet PCI standards on a regular and ongoing basis. If you haven’t paid careful attention to your credit card statement, you may already be paying these fees without even realizing it.

PCI compliance is not just a financial matter, however. Demonstrating your compliance is an important way to show your patients that you care about the security of their personal information and do everything in your power to protect it.

• Credit card numbers are not visible during the transaction.
• No data is stored on your computers or servers.
• Transactions meet compliance regulations, thereby removing your liability for any fraud that might occur.
•  No quarterly scans or assessments are required.
• Card-on-file data is stored in a secure, encrypted vault.
•  Significant back-up systems ensure ongoing access to secure data.

Becoming and staying PCI compliant will help you stay compliant with HIPAA and SOX, avoid fines and penalties, and protect yourself from liability should fraud occur.