So what’s the buzz?
PCI compliance is not optional on Intuit systems, and accountants shouldn’t treat it as optional at all.
Earlier this year the IRS made it mandatory for all tax practices to have a written information security plan, or WISP. If you missed our “TaxTalk” on putting together a WISP for your practice, you can review it on our YouTube Channel for free. The slide deck includes places where you can find free WISP checklists to ensure you’re in compliance.
PCI compliance refers to compliance with the Payment Card Industry data security standards and is specific to protecting credit card information, which your firm may or may not have access to, or may have stored in your client files.
The security standards for PCI compliance are stringent and involve a review of everything from your firm’s firewalls, to who has access to card information, to how you manage staff roles to protect credit card information.
Even if you don’t physically save card data such as credit card numbers in your client files, simply using a payment processor like Intuit or others, where your firm’s computers are used to access the processor’s software, holds you liable for protecting card information.
What are the risks of not becoming PCI compliant? Compliance isn’t necessarily governed by law, but be careful that you don’t fall into an insurance exclusion you weren’t aware of for failing to take the necessary steps to protect client card information.
Cybersecurity and other insurance coverage may require PCI compliance due diligence on your part, and failure to meet those requirements could result in a big bill if you have an incident or a data breach.
In addition to reviewing a PCI compliance checklist to ensure your firm is practicing good habits, also check in with your current payment processor about terms, conditions, and what guidance they offer. Without knowing it, you could be paying more than you need to for your credit card processing as well.
Depending on how you take payment (whether a client has to give you their card information, you run the card yourself, or clients enter their own information), your fees rise and fall with the risk that you are storing card information. Getting educated on this can help reduce your costs.
Non-compliance can also carry additional fees from your payment processor. Check in with them to understand what those fees may be and how you can go about completing a compliance checklist.
Keep in mind that you may need to get your IT team involved to address items like firewalls, automatic password changes, and other technology-related safeguards.