1. What is PCI Compliance in Canada?
PCI compliance refers to adhering to the Payment Card Industry Data Security Standard (PCI DSS), which ensures secure handling of payment card information. Developed by major credit card companies (e.g., Visa, Mastercard, American Express), it applies globally, including Canada, to protect cardholder data.
2. Who Needs to Comply with PCI DSS?
Any business that accepts, processes, stores, or transmits credit card information must comply with PCI DSS. This includes:
Online businesses.
Physical retail stores.
Service providers handling payment data.
3. What Are the Key Requirements of PCI DSS?
The main PCI DSS requirements include:
Maintaining a secure network (e.g., firewalls).
Encrypting cardholder data.
Restricting access to payment information.
Monitoring systems for vulnerabilities.
Implementing strong access control measures.
There are 12 main requirements in total; the full list is published on the PCI Security Standards Council's official website: pcisecuritystandards.org
4. Are There Different Levels of PCI Compliance?
Yes, businesses are categorized into four levels based on annual transaction volume:
Level 1: Over 6 million transactions annually.
Level 4: Fewer than 20,000 e-commerce or up to 1 million in-store transactions annually. Smaller businesses often complete a Self-Assessment Questionnaire (SAQ) for compliance.
Level 4 is where most Fleetlane customers fall.
5. Is PCI Compliance the Same in Canada as in the USA?
While PCI DSS is a global standard, businesses in Canada must also consider local regulations, like the Personal Information Protection Act (PIPA), which governs personal data privacy.
Fleetlane ensures full PIPEDA as well as PIPA compliance; more information can be shared upon request by sending an email to team@fleetlane.com.
6. What Happens if a Business is Non-Compliant?
Non-compliance can result in:
Fines from payment processors.
Increased transaction fees.
Potential suspension of credit card processing privileges.
Loss of customer trust.
7. Does Manually Entering Credit Card Information Into a System (e.g., Stripe) Violate PCI Compliance?
No, not necessarily. However, compliance depends on how the manual entry process is managed:
The device and network used for entry must be secure.
No cardholder data should be stored outside of Stripe.
The business must meet specific security measures outlined in the SAQ C-VT (for virtual terminals).
8. What Are the Risks of Manual Credit Card Entry?
Manual entry introduces the risk of non-compliance if:
The device (e.g., computer or tablet) used for entry lacks adequate security measures like antivirus or firewalls.
The network used is unsecured (e.g., public Wi-Fi).
Cardholder data is stored locally or mishandled.
9. How Can a Business Stay PCI-Compliant While Manually Entering Card Data?
To ensure compliance:
Use PCI-compliant software like Stripe.
Secure the device with updated software and antivirus.
Enter data only on a secure, private network.
Train staff on handling sensitive information.
Complete the SAQ C-VT to document compliance.
10. What Tools Help with PCI Compliance?
Common tools include:
Encryption software for data protection.
Tokenization to replace sensitive data with secure tokens.
Firewall and antivirus solutions to secure devices.
Partnering with PCI-certified service providers like Stripe.
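To make the tokenization item above concrete, here is an added illustration (not Fleetlane's or Stripe's code) of why it takes the merchant's own systems out of the business of holding card numbers. The vault is simulated in-process with a dictionary and the caller names "settlement" and "reporting" are invented for the example; in practice the vault is the PCI-scoped service run by the payment processor, and the merchant only ever keeps the opaque token and a masked display form.

```python
"""Tokenization demo: the merchant keeps only an opaque token and a masked PAN.

Added example, not Fleetlane's or Stripe's code. TokenVault is an in-process
stand-in for the PCI-scoped tokenization service; in a real deployment the
merchant never holds the token-to-PAN mapping at all.
"""
import re
import secrets


def _digits(pan: str) -> str:
    """Strip spaces and dashes so '4111 1111 1111 1111' and '4111111111111111' match."""
    return re.sub(r"\D", "", pan)


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit validation, a cheap sanity check before tokenizing."""
    digits = [int(c) for c in _digits(pan)]
    if len(digits) < 12:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form for receipts and screens: only the last four digits survive."""
    pan = _digits(pan)
    return "*" * (len(pan) - 4) + pan[-4:]


class TokenVault:
    """Stand-in for the PCI-scoped tokenization service (constructed for this example)."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}  # token -> PAN, lives only inside the vault

    def tokenize(self, pan: str) -> str:
        pan = _digits(pan)
        if not luhn_valid(pan):
            raise ValueError("invalid card number")
        # A random token has no mathematical relation to the PAN, so a leaked
        # token (or a whole leaked merchant database) cannot be reversed
        # without access to the vault itself.
        token = "tok_" + secrets.token_urlsafe(16)
        self._store[token] = pan
        return token

    def detokenize(self, token: str, caller: str) -> str:
        # Only the settlement path may recover the PAN (caller names are hypothetical).
        if caller != "settlement":
            raise PermissionError(f"{caller} is not allowed to detokenize")
        return self._store[token]


def can_detokenize(vault: TokenVault, token: str, caller: str) -> bool:
    """True if the given caller is permitted to recover the PAN for this token."""
    try:
        vault.detokenize(token, caller)
        return True
    except PermissionError:
        return False


def store_card(vault: TokenVault, customer_id: str, pan: str) -> dict:
    """Everything the merchant's own database keeps for a card: never the PAN."""
    token = vault.tokenize(pan)
    return {"customer_id": customer_id, "token": token, "display": mask_pan(pan)}


def record_contains_pan(record: dict, pan: str) -> bool:
    """Check used to prove the stored record carries no full card number."""
    return any(_digits(pan) in str(v) for v in record.values())


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed input: a well-known Luhn-valid test number, not a real card.
    rec = store_card(vault, "cust_1", "4111 1111 1111 1111")
    print(rec)
    print("record leaks PAN:", record_contains_pan(rec, "4111111111111111"))
```

The merchant record printed at the end holds `cust_1`, a `tok_…` value and `************1111`; only the settlement path inside the vault can turn the token back into a card number, which is exactly the separation that keeps the merchant's database and staff workstations out of PCI scope for stored cardholder data.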
11. Why Is PCI Compliance Important for Businesses?
PCI compliance:
Protects customer payment data from breaches.
Ensures compliance with global and local privacy laws.
Maintains trust with clients and partners.
Reduces financial and reputational risks.
Conclusion
For businesses in Canada and the USA, PCI compliance is a crucial aspect of securely handling credit card transactions. While tools like Stripe simplify compliance, it is essential to secure all devices, networks, and processes involved in handling payment data. Always complete the appropriate Self-Assessment Questionnaire (SAQ) and stay informed about evolving PCI DSS standards.
For further assistance or to assess your PCI compliance, consult a certified PCI professional or your payment processor.