How to Promote Your Business as PCI Compliant

July 6, 2017 • Category: PCI 101

Did you know that your business’s PCI compliance can play a big role in attracting and retaining customers, whether you sell to other businesses or directly to consumers?

Many businesses are figuring that out: I'm often asked, "How can we let our customers know our business is PCI compliant?"

PCI compliance benefits extend beyond the obvious.

When your business becomes PCI compliant, you’ve made a commitment to continuously maintain a baseline standard for protecting credit card data. PCI compliance makes your business less likely to experience a payment data breach, and there are obviously many financial benefits in keeping data thieves at bay!

Your current and prospective customers also benefit from your business’s PCI compliance. For example, if your business sells to other businesses, then your compliance helps with your customers’ compliance. And, if your business sells to individual consumers, then your compliance tells them you can be trusted.

Promote your business as PCI compliant!

The best way to let customers know your business is PCI compliant is to include a statement in the About or Company section of your website. The statement should cover your PCI compliance status and what that means to your customers. Be sure to update this statement annually to reflect your most recent compliance validation.

Follow one of the two templates below to promote your business as PCI compliant.

Self-Attesting Business:

[Your Company Name] is committed to protecting consumer credit card data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). Our alignment with this standard is reflected in the people, technologies and processes we employ.

We conduct regular vulnerability scans and penetration tests in accordance with the PCI DSS requirements for our business model. We attest to our PCI compliance annually, and our most recent self-attestation was completed in [Month, Year].

Note that you can also include a graphic version of your PCI compliance certificate alongside the above statement.

QSA-Attested Business:

[Your Company Name] is committed to protecting consumer credit card data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). Our alignment with this standard is reflected in the people, technologies and processes we employ.

We conduct regular vulnerability scans and penetration tests in accordance with the PCI DSS requirements for our business model. In addition, our PCI compliance is attested to annually by a PCI Qualified Security Assessor (QSA). Our most recent Attestation of Compliance (AOC) was issued by [QSA Company Name] in [Month, Year].

Merchant service providers should take the following additional steps:

  1. Provide your Attestation of Compliance (AOC) to your processor and other connected service providers.
  2. Register your compliance with Visa and get listed here: http://www.visa.com/splisting/
  3. Register your compliance with MasterCard and get listed here: https://www.mastercard.us/en-us/merchants/safety-security/security-recommendations/service-providers-need-to-know.html

Data security is a solid business strategy.

Your business can’t go wrong when it makes data security a part of its core strategy, and becoming PCI compliant is a good start. Watch my 3-minute video to learn more about building on that foundation: https://www.controlscan.com/blog/data-security-approach-really-be-secure/.