PCI Compliance Management Program

The Payment Card Industry Data Security Standard (PCI DSS) provides comprehensive requirements for enhancing account data security for all companies that process, store, or transmit credit card information.

The payment brands (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.) have joined together to create the Payment Card Industry Security Council and further outlined Data Security Standards.

The PCI Council has mandated that all merchants who store, transmit or process cardholder information must maintain compliance with the PCI DSS.

We understand the risks and financial costs that a compromise can pose to your business. In support of this important mandate, all merchants are required to validate their PCI DSS compliance status with us. We have simplified the process, however, making it as convenient as possible for you.

Merchant Card Services Help

What is PCI DSS?

The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc. to facilitate industry-wide adoption of consistent data security measures on a global basis. The standard aims to increase awareness and promote best practices in the handling of sensitive information as a means to minimizing identity theft and fraudulent transactions.

Tagged under:

Is PCI DSS new?

No. The framework of the PCI data security standards has existed in different forms for some time now and continues to evolve. You may be more familiar with the payment brands' programs that promote the adoption of the PCI DSS

MasterCard: Site Data Protection (SDP) program

Visa: Cardholder Information Security Program (CISP)

Discover Network: Discover Information Security & Compliance (DISC)

American Express: Data Security Operating Policy

Tagged under:

I only process a few hundred dollars a month. Does my merchant account still need to be PCI compliant?

Yes, all merchants, whether small or large, are required to be PCI compliant. The payment brands have collectively mandated PCI DSS compliance for any and all organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.

Tagged under:

I already use a "PCI compliant" terminal/gateway. Doesn't that mean I am PCI compliant?

No. Use of a PCI compliant payment application is one aspect of the many PCI DSS requirements, which cover handling of sensitive data. Currently, the PCI DSS lists twelve requirements. These requirements are organized around the following principles:

Build and maintain a secure network
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy

Tagged under:

Can I choose not to certify for PCI compliance?

If you choose not to complete the self-assessment questionnaire (and applicable network scans) you may overlook certain data security practices that minimize your risk of a security breach. In the event that your business is compromised, you may be subject to substantial fines per payment brand. These fines would be in addition to the expenses and fraudulent transactions resulting from the breach. In light of the importance that data security has to the payment processing industry and consumers at large, we, as your service provider, may also begin imposing a fee for each month that your account has not been validated as PCI compliant or in any given month your account is deemed non-compliant. Failure to validate compliance may ultimately result in the termination of your merchant account.

Tagged under:

More Merchant Card Services Help