Healthie is proud to share that we are fully PCI-Compliant. Healthie was designed with security in mind as we strive to create a safe and organized space to store private health and billing information. While this is nothing new about Healthie, this does allow for an interesting point of discussion – what is PCI Compliance and is your business potentially at risk without it?
PCI, or the Payment Card Industry Security Standards Council (PCI SSC), was launched in 2006 to manage and oversee the ever-changing field of payment cards such as Visa, MasterCard, and American Express. Its standards (the PCI Data Security Standard, or PCI DSS) were put in place to ensure that cardholder security is regulated consistently across all industries. PCI DSS applies to any business or organization that handles cardholder data, regardless of how that data is used. Any company that accepts debit or credit cards, even if it does not store any card data, must comply with PCI regulations. While this may at first seem overwhelming, for those of you familiar with HIPAA compliance, this will be a cakewalk.
When your company begins to take payments by credit or debit card, the responsibility falls on the business owner to ensure that all cardholder data is protected. If any harm comes to a cardholder and you cannot show PCI compliance, consequences can range from fines, to losing the ability to accept card payments in the future, to business closure, depending on the situation. So, how can you satisfy PCI regulations and avoid these liabilities?
First, use this chart to determine which Self-Assessment Questionnaire (SAQ) your business should use to validate compliance. Depending on the number of transactions your company processes, a quarterly external vulnerability scan may be required, and it must be conducted by a PCI SSC Approved Scanning Vendor (ASV). Then, answer the appropriate SAQ according to its instructions. Complete the Attestation of Compliance (included with the SAQ) and submit it quarterly to your relevant acquiring banks.