
Why we chose PCI certification over PCI compliance

Summary

The difference between PCI certification and PCI compliance, and why we chose certification.

Time: 3 minute read

Organizations that accept payment cards not only need to ensure their own PCI compliance; they also need to consider how the vendors and partners that touch cardholder data on their behalf address the PCI standards.

Just recently, Ricoh earned PCI certification for our inbound services. (You can read more in this press release.) Our certification helps you maintain your own compliance and demonstrates our commitment to securing your data.

Of course, we also recognize that the more common term is PCI compliance. This might prompt the question, “Is PCI certification different from compliance?”

In this article, we will answer that question, and we will also:

  • Define PCI and explain its purpose
  • Share the differences between PCI compliance and certification
  • Explain why we chose the tough path of getting PCI certified

What does PCI stand for?

PCI is the acronym for Payment Card Industry. It refers to the data security standards established by the major card brands to protect payment card transactions. The PCI standards define how a business stores, processes, and transmits cardholder data: the primary account number (PAN) and, where stored with it, the cardholder name, expiration date, and service code. They also forbid retaining sensitive authentication data after a transaction is authorized, such as full magnetic-stripe or chip data, the card verification code (CVV2, CVC2, CID), and PINs. Other personal data, such as social security or driver’s license numbers, is outside the scope of PCI DSS, even though the same systems often handle it and it deserves the same care. The standards cover technical elements such as network hardware, encryption, and security applications, as well as operational factors like how employees handle the data.

The standards are developed and managed by the PCI Security Standards Council (PCI SSC), which the card brands founded for that purpose. PCI DSS is not a federal law; it is enforced contractually through the card brands and acquiring banks, which can levy fines or withdraw card-processing privileges for non-compliance. Some U.S. states reference PCI DSS in their data security statutes, and the Federal Trade Commission has brought consumer protection actions against companies that failed to adequately safeguard payment card data, so a breach of non-compliant systems can carry legal as well as contractual consequences.

Any organization that meets the Payment Card Industry Data Security Standard, abbreviated PCI DSS, is considered PCI compliant.


What are the PCI compliance standards?

The PCI DSS groups 12 principal requirements, subdivided into roughly 78 base requirements and more than 400 testing procedures, under 6 goals. It may sound like a lot; however, the requirements really define data security best practices and can be understood from the 6 goals:

  • Build and maintain a secure network and systems
  • Protect stored and transmitted cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

What is the difference between PCI compliance and PCI certification?

Every organization that accepts credit card transactions must be PCI compliant. Those companies should also make sure that any vendor involved in processing, transmitting, or storing their cardholder data meets at least the same standard.

As you evaluate vendors, you might find some are PCI certified. Is there a difference? The simple answer is yes, and the difference lies in how compliance is validated, not in the requirements themselves.

What is PCI compliance?

The PCI DSS defines what an organization must do to protect cardholder data when it is stored, processed, and transmitted. How compliance is validated depends on the merchant or service provider level, which the card brands set by annual transaction volume. Most organizations validate by completing a Self-Assessment Questionnaire (SAQ): the organization itself assesses, monitors, and measures its own level of PCI compliance, signs its own attestation, and submits it to its acquiring bank, usually together with quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). Only the largest merchants and service providers are required by the card brands to have an annual on-site assessment instead. In the common case, then, PCI compliance rests on self-assessment, and no independent party has checked that the controls actually work as described.

Failing to meet the requirements can result in substantial fines from the card brands, passed on through the acquiring bank, and ultimately in losing the ability to accept cards at all, so there is a strong incentive to comply.

What is PCI certification?

What is commonly called PCI certification is a documented, independent assessment by a Qualified Security Assessor (QSA), an assessor company qualified by the PCI SSC, that features an in-depth evaluation of the systems, policies, and procedures protecting cardholder data. The QSA tests each applicable requirement, reviews the evidence, and records the results in a Report on Compliance (ROC); companies that pass earn a formal Attestation of Compliance (AOC) signed by the assessor. Strictly speaking, the PCI SSC does not certify organizations, so the AOC is the document that stands behind a vendor’s certification claim.

Formal certification provides independent, third-party assurance that the program meets all of the applicable requirements, with evidence reviewed by someone who has no stake in the outcome. When evaluating a vendor, ask for its current AOC, which is valid for one year, and check that the services you plan to use fall within the scope it states.

Why Ricoh chose PCI certification

As a digital services provider, we help our customers store, manage, share, and protect data every day. We understood that much of this data required PCI compliant systems.

And for Ricoh, information security has always been a priority. As David Levine, VP Corporate Information Security, CSO, Ricoh USA, said, “It was important for us to become one of the first in our industry to secure this highly regarded certification.”

The PCI certification applies to our inbound services, including Intelligent Capture, Claims Processing and Accounts Payable/Receivable services, Digital Mail and Hosting Services, and Capture and Conversion services.

For more information about these services or how we can help you, please contact us and speak with one of our representatives.

