
What is PCI compliance and why is it important?

PCI Compliance

In 2006, in response to rising credit card fraud, the major credit card companies (VISA, MasterCard, Discover, and American Express) agreed on uniform standards that merchants must follow if they accept credit cards from clients.[1][2] These Payment Card Industry Data Security Standards (PCI-DSS) are designed to ensure the security of your clients' payment card information before, during, and after you process a credit card payment. PCI compliance refers to your law firm's duty to follow these standards and to perform the required annual testing to verify how well you follow them.

PCI compliance requires merchants (no matter how big or small, and no matter the industry) to review their computer systems and their internal credit card processing procedures in order to ensure the security of their clients' payment card information.[1][2] The number of standards with which your law firm must comply can increase significantly depending on:

  1. The number of transactions you process every year;
  2. Whether you store physical copies of documents containing the client’s credit card information;
  3. Whether you store electronic documents containing a client’s credit card information;
  4. Whether you process cards through a physical card reader;
  5. Whether you process cards through a third-party payment portal; and
  6. The reputation of your credit card processing company or third-party payment portal (e.g. Square, LawPay, Intuit, etc.).

PCI standards are not criminal statutes, so it is not a crime if your firm fails to be PCI compliant.[2] But payment card companies can impose significant financial penalties (as much as $5,000 to $10,000 per month) if a client's credit card data is breached due to your firm's failure to comply with the PCI standards.[2] So, it is in your best interest to perform annual PCI compliance testing and fix any security risks exposed during the process.


References

1. PCI Compliance
2. PCI FAQs
