
PCI DSS and the Payment Card Network Compliance Programs

 

Merchants and Service Providers that store, process, or transmit cardholder data must comply with PCI DSS and the Payment Card Network Compliance Programs. The PCI DSS is enforced by the Payment Card Networks (Visa International, MasterCard Worldwide, American Express, Discover Financial Services, and JCB). Even though certification requirements vary by business and depend on your "Merchant Level" or "Service Provider Level", failure to comply with PCI DSS and the Payment Card Network Compliance Programs may result in a Merchant having to pay fines and fees and/or having its processing services terminated.

 

First Data wants to ensure all its merchants are compliant. Below we are providing data security information and links to assist in assessing the actions your business should take to ensure that it remains compliant.

 

The PCI Security Standards Council

 

The PCI Security Standards Council (PCI SSC) is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI SSC is an independent body founded in September 2006 by the five major credit card networks: American Express, Discover Financial, JCB, MasterCard Worldwide, and Visa International.

 

The PCI SSC currently manages the following security standards:

  • PCI Data Security Standard (DSS)
  • PCI PIN Entry Devices Program (PED)
  • PCI Payment Application Data Security Standard (PA-DSS)

 

The PCI SSC is also responsible for the training and qualification of security assessors and vendors that validate merchant and service provider compliance against these standards. The PCI SSC is not responsible for enforcing compliance with these standards. Enforcement of compliance is managed independently by the Payment Card Networks.

 

Visit www.pcisecuritystandards.org for more information.

 

Payment Card Industry Data Security Standard (PCI DSS)

 

The PCI DSS is a technical and broad-ranging set of security requirements created by the Payment Card Industry, laying out what Merchants need to do to protect customer information. The PCI Council requires that Merchants meet this set of security requirements if their business accepts, transmits or processes customer payment cards, such as credit cards or debit cards. Merchants that do not comply with these requirements can be penalized in a number of ways, up to and including having their card-processing privileges revoked, leaving them unable to accept customer payment cards.

 

Visit www.pcisecuritystandards.org for more information.

 

Importance of PCI DSS Compliance and/or Certification

 

Compliance with the PCI DSS is mandatory. First Data wants to ensure all merchants adopt these standards and remain compliant. If a merchant is not compliant with PCI DSS, the Payment Card Networks could charge the merchant additional fees and fines, and the merchant may no longer be able to process credit card transactions.

Compliance means all requirements of the PCI DSS are met. To become certified, you must engage the services of a Qualified Security Assessor ("QSA") to validate your compliance with PCI DSS. The QSA will work on identifying areas of non-compliance. You must then remedy each area of non-compliance. Once all areas of non-compliance have been addressed, the QSA will re-evaluate and issue confirmation of compliance. If a merchant chooses to certify, the Certification to PCI DSS is at the merchant's expense.

 

Twelve Principal Requirements of PCI DSS

 

PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, intended to help organizations proactively protect customer account data.

Failure to meet the 12 PCI DSS requirements may result in fines or termination of credit card processing privileges. Below are the twelve principal requirements of PCI DSS.

 

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.
  • Use and regularly update antivirus software.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security.

 

You can find PCI DSS and supporting documentation at www.pcisecuritystandards.org.

Merchant Levels and Validation Requirements

 

All merchants must comply with the PCI DSS regardless of the volume of transactions processed or the method by which the transactions are processed. That being said, certification requirements vary by business and are contingent upon the "Merchant Level".

PCI Rapid Comply is a simple, online compliance questionnaire that makes being compliant faster and easier.
 
Our PCI Rapid Comply solution is an easy-to-use online tool that can help our merchants achieve and maintain PCI DSS compliance more quickly and easily. It offers:
 
Step-by-step guidance to complete the annual self-assessment questionnaire (SAQ): Our step-by-step application will direct merchants to the PCI SAQ that is appropriate for their business (A, A-EP, B, B-IP, C, C-VT, P2PE or D). They can complete the SAQ with guided support, ensuring each question is answered accurately.
 
Fewer questions to answer – in some cases, 85% fewer questions: With “pre-SAQ” questions, we can pre-populate the appropriate SAQ answers – which are often the most difficult - minimizing the number of questions merchants have to deal with and speeding up the SAQ completion process.
 
Comprehensive support that ensures your questions get answered: Have a question? With our built-in help, guides and security expertise, we can answer any PCI questions merchants may have – online via chat, through email messages, or over the phone.

Any merchant processing between 1,000,000 and 6,000,000 Visa or MasterCard transactions annually of one card plan.

Any merchant processing between 20,000 and 1,000,000 Visa or MasterCard e-commerce transactions annually.

Any e-commerce merchant processing fewer than 20,000 Visa or MasterCard e-commerce transactions annually.
 
Any merchant (regardless of acceptance channel) processing fewer than 1,000,000 Visa or MasterCard transactions annually.

For more information on the PCI security standards and the Payment Card Network Compliance Programs, review the following websites:

https://www.pcisecuritystandards.org/

https://www.visa.ca/en_CA/run-your-business/merchant-resources/merchant-security.html

https://www.mastercard.us/en-us/business/overview.html

https://www.pcisecuritystandards.org/document_library

https://www.pcisecuritystandards.org/assessors_and_solutions/give_assessor_feedback

https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors


© 2025 Fiserv, Inc. Fiserv is a registered trademark of Fiserv, Inc. All trademarks referenced here are the property of the respective owners. Fiserv Canada, Ltd. is an Independent Sales Organization (ISO) of Wells Fargo Bank, N.A., Canadian Branch, Toronto, Ontario, Canada. All trademarks, service marks and brand names used in this document are the property of their respective owners.