PCI-DSS Compliance


Secure & Compliant

Our PCI-DSS compliance program is included with our merchant accounts. Most small and medium-sized businesses are Level 4 merchants. Level 4 merchants are businesses processing fewer than one million retail transactions a year or fewer than 20,000 e-commerce transactions per year. If you are a Level 4 merchant, compliance typically involves filling out a self-assessment questionnaire.


Our PCI partner will work with your business to advise you on how to become PCI compliant, including completing questionnaires, reviews, security scans and compliance certificates.


You can learn more about PCI-DSS compliance by visiting the official PCI Security Standards Council website at https://www.pcisecuritystandards.org.

Non-Compliance

Merchants who fail to complete their compliance are subject to a monthly non-compliance penalty. We are required to meet certain compliance levels to help protect both merchants and their customers' sensitive card and account information, and merchants need to do their part in protecting their customers' sensitive card information by being PCI compliant.


Prepare your business for PCI compliance by reviewing the information and FAQs below.

Self-Assessment Questionnaire (SAQ)

SAQs (Self-Assessment Questionnaires) are a series of yes/no questions used to determine whether your business meets the standards required to process credit card information.

Approved Scanning Vendor (ASV) Scans

An ASV (Approved Scanning Vendor) scan is a scan of your office IP address or website address (for e-commerce merchants). The scan mainly examines your firewall/router to check that there are no open vulnerabilities that could allow hackers to infiltrate your network.

Penetration Testing

Similar to ASV scans, penetration testing is a more thorough test of your external and internal networks for security holes that could allow a hacker to infiltrate your computers or servers and access sensitive credit card information.

FAQs

What is PCI Compliance?

PCI DSS (Payment Card Industry Data Security Standard) is a set of standards designed to ensure that credit card information remains safe and is captured and transmitted in a secure way. It is a set of rules intended to reduce the risk of fraud and of hackers and thieves stealing sensitive credit card information.

Who does PCI apply to?

PCI compliance applies to all businesses accepting credit and debit card payments, regardless of their size or nature. PCI is the world's largest security standard, as it applies to merchants, processors, ATM companies and other service providers worldwide.

Who sets the standard and enforces it?

The Payment Card Industry Security Standards Council (PCI SSC) is the governing body that sets and updates the standard. It was created in 2006 by the major card brands, including Visa, MasterCard, Discover and American Express, to establish a universal set of rules. The card brands enforce the standard, requiring processors to be compliant and to validate their merchants, and imposing fines if a breach occurs due to non-compliance.

Why do I have to be compliant?

To avoid being breached and losing your customers' credit card numbers. Fines imposed by the card brands in the event of a breach can be extremely costly. It is crucial for all businesses to protect themselves and their customers by being compliant.

I've been processing for years, why do I need to be compliant now?

Visa and MasterCard are now requiring that all processors validate the compliance of all their merchants. To make this process easy and affordable for our merchants, we offer a PCI program that is included as part of our merchant services.

My provider is PCI compliant, does that mean I'm compliant?

While it is crucial to use point-of-sale providers, shopping carts and payment processors that are compliant, you are still responsible for your own staff and environment. A virus-infected computer or a dishonest staff member is all it could take for someone to steal credit card numbers from your business.