Focus: Security

PCI FAQs and myths

November 20, 2017

Healthcare consumers today not only appreciate convenience, they expect it. That’s why the number of credit card and debit card transactions has been increasing steadily over the last several years. Consumers like being able to simply swipe their card and complete their transactions without the hassle of having enough cash or carrying change.

However, that convenience for the consumers comes at a cost for the healthcare facility  that is responsible for maintaining a secure infrastructure to process those card transactions. When a customer hands over his or her credit card, there’s an unspoken expectation of security. Without a secure infrastructure to protect their sensitive information, patients risk having their financial information and even their identities stolen by opportunistic cybercriminals.

In order to protect the faith consumers have in healthcare facilities when it comes to secure card transactions, the Payment Card Industry Security Standards Council has created a set of data security standards. Any and all businesses that accept card payments must follow these PCI standards, or else risk severe consequences for themselves and their customers.

Not only does failing to comply with the PCI standards put customers at risk of having their financial or personal information stolen, but it also puts merchants at risk of being hit with fines that can exceed $100,000 per month.

Businesses that fail to comply with PCI standards also may see their banks raise the fees they charge for processing transactions. This is a big part of the reason why the average cost of a data breach for businesses is approximately $4 million.

Given how vital it is for businesses to be PCI compliant, it’s important for businesses to understand the PCI standards and avoid the persistent myths that surround them. For example, many businesses believe that they do not have to comply with the standards because they only process a small number of card transactions in a year.

However, even businesses that process a handful of card transactions can be vulnerable to cybercriminals, so these businesses must be PCI compliant.

Businesses that use an outside vendor to process card transactions may believe that this exempts them from being PCI compliant, but they still are responsible for determining whether or not that vendor is being compliant.

The guide from BluePay below details some of the most frequently asked questions about PCI compliance as well as some of the most insidious myths concerning it. If you’re worried about whether or not your business is PCI compliant, the answers may be found here.


PCI Compliance from payment processing company BluePay
See the latest posts on our homepage


Topic Area: Security

Recent Posts

Post Comment


• News and Updates
• Webcast Alerts
• Building Technologies

All fields are required.