
PCI Compliance

Meeting the PCI DSS security standards required of any business that accepts, stores, or transmits payment card data.

Definition

PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements published by the PCI Security Standards Council, which the major card brands founded, for any business that accepts, processes, stores, or transmits cardholder data. It is not itself a law, but it is contractually required by your payment processor, and falling out of compliance can mean fines, higher processing fees, or losing the ability to accept cards at all.

Validation requirements scale with transaction volume. Most freelancers and small businesses fall into Level 4, the lowest merchant tier, which generally requires completing an annual Self-Assessment Questionnaire (SAQ) rather than a formal audit by a Qualified Security Assessor. Crucially, your scope depends on how you handle card data: if your invoicing platform and processor host the payment form (a redirect to their page or a form served from their domain) and you never see raw card numbers, most of the heavy lifting is handled for you and you qualify for SAQ A, the shortest questionnaire. Embedding the processor's payment form inside a page you serve yourself typically moves you to SAQ A-EP, which is longer and adds quarterly external vulnerability scans, and taking card numbers by phone, email, or on paper pulls those channels and the people who use them into scope.

Why It Matters

If you take card payments, PCI compliance applies to you, even as a one-person business. The practical risk is not an auditor knocking on your door; it is your processor charging monthly non-compliance fees, often $20 to $100, until you complete your SAQ, and the liability you carry if card data is exposed through something you control: a laptop, an inbox, or a spreadsheet.

The smartest move is to keep card data out of your hands entirely. Send clients to a hosted payment page or payment link instead of taking card numbers over the phone or by email (an emailed card number persists in both mailboxes and every backup of them), and never write card details down or store them in a spreadsheet. That keeps your compliance burden minimal and puts the breach risk on systems built to handle it.

Examples

  1. A freelancer notices a recurring $34.95 non-compliance fee on her processing statement and removes it by completing the annual SAQ in about 20 minutes.

  2. A small agency stops taking card numbers over the phone and switches to emailed payment links, shrinking its PCI scope to the simplest questionnaire.

  3. A consultant deletes a spreadsheet of stored client card numbers after learning it puts him out of compliance and personally on the hook in a breach.
