PCI Compliance F.A.Q (Clover Connect)

This article addresses frequently asked questions about PCI Compliance in relation to Clover Connect.

1. What is PCI Compliance / Why does it apply to me?

Any business taking credit card payments, and therefore potentially handling and/or storing customer credit card information, is required to be “PCI Compliant” by the Payment Card Industry (Visa / Mastercard / Amex…). There is unfortunately nothing we can do about it. It applies to everyone.

Why is this necessary for your music school?

  1. Data Security: The primary reason to undertake PCI compliance self-assessment is to ensure data security. Payment information is among the most sensitive data that your music school collects from students and patrons. In today's digital world, breaches of payment data can lead to significant financial losses and damage to your school's reputation.

  2. Avoiding Fines and Penalties: Non-compliance can lead to fines and penalties from the card companies and banks.

  3. Trust from Customers: Complying with PCI DSS can serve as a message to your customers that you take their security seriously. When your students and their parents know you're doing everything you can to protect their financial information, they'll trust your business more.

The good news is that:

    1. opus1.io integrates with Clover Connect / Fiserv in a way that keeps the scope of your compliance extremely narrow and easy to assess, and significantly reduces your overall risk. Clover Connect / Fiserv stores your customers' credit card data securely for you, and opus1.io processes payments securely through Clover Connect, so that you don't need to handle or store credit card data yourself.
    2. Clover Connect offers a service to help you become compliant and complete a self-assessment by filling out a simple questionnaire.
    3. You can answer most of the questions as “not applicable, customers enter their own CC info on Opus1.io / CardPointe directly” if your staff effectively never handle, store, or key in credit card numbers, and customers enter their credit card numbers directly online, on their own computers, in Opus1.io.
    4. Depending on how you handle credit cards, you may need to answer more questions, take basic best-practice steps to secure the computers used to handle credit cards (antivirus, password protection, etc.), and educate your administrative staff.

Clover Connect / Fiserv provides very competitive rates and next-business-day funding for payments. PCI compliance helps reduce the risk associated with handling credit card payments. It is also useful for educating merchants on the importance of handling credit card data securely: for example, not storing customer credit card data, especially on unsecured paper documents or in unencrypted electronic documents, where it can easily be stolen and used for credit card fraud.

Alternatively, you may choose not to deal with it, in which case you will be charged a monthly “non-compliance” fee by the payment processor/credit card companies. You can think of it as insurance you are paying to cover the potential loss of client credit card data, which can be waived if you take the steps to become PCI compliant.

2. Will my payment processing account be blocked if I am not PCI compliant?

No. As stated above, you can choose not to be compliant, but you will be charged a small monthly non-compliance fee. You can think of it as an insurance payment for avoiding paperwork.

3. What is the best way to reduce my compliance exposure?

If you and your employees never store or handle (key in, etc.) credit cards directly, and your customers enter their credit card details directly in Opus1.io (which actually sends them directly to Clover Connect), you can essentially answer most questions in the questionnaire as "not applicable, customers enter their credit card details directly in opus1.io / CardPointe".

4. Why haven't I had to do this before?

It is common practice in the industry. However, some payment providers simply price non-compliance fees into their rates by charging more, and choose not to educate their merchants on lowering the risk of fraud for their end customers.