
Cayan And PCI Compliance


Occasionally, relaxed security by some merchants enables criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems. As a merchant, you are at the center of payment card transactions so it is imperative that you use standard security procedures and technologies to discourage theft of cardholder data.


What Do You Need To Do?

You, as a merchant, are required to be PCI-Compliant if you want to process credit cards. Cayan provides all of the tools you need to be compliant when signing up for their services.

What Does StudioCloud Do To Protect You?

StudioCloud is required to be PA-DSS compliant. We achieve this by storing all credit card information with Cayan as well as processing all credit card information through Cayan. In fact, StudioCloud never even has access to credit card information. When you process a credit card in StudioCloud, you are actually processing the credit card in a specially built interface provided by Cayan. This protects your customers' credit card information, protects you, and protects StudioCloud from any credit card liabilities.

What Does Cayan Do To Protect You?

Cayan requires that you be PCI-Compliant in order to process credit cards with them. As a courtesy to you, they have a third party who will step you through the entire process of becoming PCI compliant. Unfortunately, that third party charges Cayan an annual fee for the service, and Cayan passes those fees along to you.

Cayan also allows you to opt out of their third-party PCI compliance service and use your own third-party PCI compliance service instead. Please note that Cayan will initially charge you the PCI-Compliance fees, but once you have become PCI compliant through your own third party and have provided Cayan with a certificate from that third party stating that you are compliant, they will refund the fees. Please talk to Cayan for specific details regarding this option.

Why Should I Be PCI-Compliant?

To protect your business in the event of credit card fraud.

What Happens If I Am Not PCI-Compliant And Something Bad Happens?

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.

It is important to be familiar with your merchant account agreement, which should outline your exposure.


I Know Another Merchant Account Provider Which Doesn't Require That I Be PCI-Compliant To Use Them. Why?

It is not the responsibility of Merchant Account Providers to force merchants such as yourself to be PCI-Compliant. It is your responsibility. As such, some Merchant Account Providers should tell you that you have to be PCI-Compliant, but they do not verify that you are. In this situation a merchant, such as yourself, could be faced with catastrophic fines if something bad happened. In StudioCloud's opinion, not verifying that customers are PCI-Compliant is a disservice to them because it opens them up to catastrophic penalties.

So Why Does Cayan Require It?

Neither StudioCloud nor Cayan wants any of our customers to experience penalties which could potentially put them out of business. As such, both StudioCloud and Cayan would rather have customers protected and safe than out of business.