Shifting the burden of PCI Compliance

Articles Security

Ever wish you could just get on with the business of doing business?

It feels like every year there are additional rules to follow, regulations to comply with and paperwork to submit, just to keep your business legal. While these rules are admirable and designed to help protect your customers data, account and card information from cyber pirates, it feels like you're having to do more and more work for the same return on your investment.Worse still, you're expected to become an expert on PCI compliance, data protection and risk management!

Take PCI compliance for example, what does this mean? Well Wikipedia describes the requirements like this: "The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called 'control objectives'. Each version of PCI DSS has divided these twelve requirements into a number of sub-requirements differently, but the twelve high-level requirements have not changed since the inception of the standard." No arguing with that! No understanding it either!

In short the purpose of the requirement is to make sure that the information submitted from a card payment cannot be intercepted at any point between your taking the payment and the bank clearing the money into your account. The problem that arises is that you could have many different suppliers at various points along this process. You might get your card machine from one supplier, but your transactions go through a different bank only to be cleared through a third clearing house. So because none of these parties is able to take ownership of the whole process, and since you're the one that needs to be able to take card payments to "get paid", it becomes your problem.

So why don't any of these huge companies get stuck in and straighten out the market? Well, they really don't have to. Everything works fine for them and the clients don't really have any other choices, it's a closed system. They really have an "if it ain't broke" mentality and because they all tow the line, nothing changes.

As is the way though, at some point somebody steps up to try and fix a broken system and this is where Kashing comes in. Kashing are a technology company that have set out to streamline and manage the whole process using their proprietary secure payment technology. By managing every step of the card payment process they are able to shift the PCI compliance burden from the merchant to themselves. They're so confident that their technology works that they're essentially putting their neck on the line so that the merchant doesn't have to.

It's finally affordable for independent businesses can take secure card payments over the phone, online or face-to-face with all their data encrypted and not having to master the dark art of PCI DSS compliance. The need for having multiple suppliers, complicated bills with sliding scales, faceless help centres and clunky card machines is finally over. Get all you need in one place, with one simple bill and loads of powerful features. 

PCI compliance? Don't learn about it, just shift it!