I keep getting annoying calls about being in PCI compliance at my business.
We recently dumped our credit card processing company and moved everything over to Square. Do we still have to worry about PCI compliance? The whole thing sounds like a scam.
If you accept credit cards for payment you are contractually bound to being PCI compliant.
As a general rule if you do less than 400,000 transactions a year the card brands wont pay a lot of attention. If you use a certified vendor like Square to do it you are pretty much there. Just don’t keep any paper records of the card number in addition to using that service.
There are concerns about Square for compliance but they are one of the approved ones the last time I checked.
Yes its a scam, a legal one. The banks don’t really care because credit card fraud costs them less than 5 cents on every $100 spent. For them that is acceptable.