This is a guest post by Justin Akimoff, a Certified Payments Professional and the head of LawPay’s Client Success Team.
It often feels like data breaches are happening to businesses every minute: In 2019 alone, Capital One, Facebook, First American Financial, and many more were breached. That’s why it’s all the more necessary for businesses to make concerted efforts in protecting their customers from hacks and leaks.
If you’ve already started accepting credit card payments into your firm, there’s a chance the phrase “PCI compliance” has entered your awareness at some point in time, but you may not fully understand what it means. That’s where we can help. We’ll provide you with an overview of PCI compliance, including why it exists and what you can do to keep your law firm compliant every year.
If your business accepts, processes, stores, or transmits credit card data, it must be compliant with the Payment Card Industry Security Standards Council (PCI SSC).
The PCI SSC was created by the biggest credit card brands (Visa, Mastercard, Discover, JCB International, and American Express) to address security concerns related to credit and debit cards, as well as prepaid cards. Each card brand has a list of requirements that businesses must adhere to in order to become compliant.
Although you aren’t required by law to be PCI compliant, adhering to its practices is an excellent way to keep your clients’ (and your firm’s) payment data secured from hacking or other cyber threats. As long as you follow the standards mandated by the PCI SSC, your firm will be using the latest and greatest techniques in data security every year. It’s also worth noting that certain banks penalize merchants who aren’t PCI compliant, so adhering to these standards can save you from costly fines in the long run.
Across the credit card brands, there are at least four levels of PCI compliance that businesses can fall under, each corresponding to the number of card transactions they process annually. The vast majority of law firms that accept card payments would be categorized at the lowest possible level—those that process as few as 20,000 transactions per year (up to 1 million). For these businesses, all that is usually required is to complete a Self-Assessment Questionnaire, or SAQ.
If you’ve completely rewired your firm to only use online payment processors, your SAQ will be the easiest of them all. It only has 22 questions and most people can finish it in under 15 minutes. The greatest online payment solutions will even help their customers maintain their compliance every year by offering assistance and answering any questions you may have.
To get merchants started on the right track, the PCI SSC created the PCI Data Security Standard (PCI DSS). It contains six goals all businesses should aim towards to make their operations PCI compliant. We’ve summarized each goal below:
If you make these standards a habit within your firm (and keep up with your annual SAQ, of course), you can assure your clients that their credit card information is in good hands.
LawPay was specifically designed with the needs of legal professionals in mind. Learn more about how LawPay can protect your firm by visiting our Features Page.
Justin Akimoff is a Certified Payments Professional and leads LawPay’s Client Success Team, which is responsible for training and onboarding new customers. His team’s focus is on improving the customer experience for new and existing customers, which includes technical and PCI compliance support.
Header image by Hloom Templates.