Merchants and Service Providers that store, process, or transmit cardholder data must comply with PCI DSS and the Payment Card Network Compliance Programs.
The PCI DSS is enforced by the Payment Card Networks (Visa International, MasterCard Worldwide, American Express, Discover Financial Services, and JCB). Even though certification requirements vary by business and depend on your "Merchant Level" or "Service Provider Level", failure to comply with PCI DSS and the Payment Card Network Compliance Programs may result in a Merchant having to pay fines and fees and/or having its processing services terminated.
First Data wants to ensure all its merchants are compliant. Below we are providing data security information and links to assist in assessing the actions your business should take to ensure that it remains compliant.
The PCI Security Standards Council (PCI SSC) is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. It is an independent body founded in September 2006 by the five major credit card networks: American Express, Discover Financial, JCB, MasterCard Worldwide, and Visa International.
The PCI SSC is also responsible for the training and qualification of the security assessors and vendors that validate merchant and service provider compliance against these standards. The PCI SSC is not responsible for enforcing compliance with these standards; enforcement is managed independently by the Payment Card Networks.
Visit www.pcisecuritystandards.org for more information.
The PCI DSS is a technical and broad-ranging set of security requirements created by the Payment Card Industry, laying out what Merchants need to do to protect customer information. The PCI Council requires that Merchants meet this set of security requirements if their business accepts, transmits or processes customer payment cards, such as credit cards or debit cards. Merchants that do not comply with these requirements can be penalized in a number of ways, up to and including having their card-processing privileges revoked, leaving them unable to accept customer payment cards.
Compliance with the PCI DSS is mandatory. First Data wants to ensure all merchants adopt these standards and remain compliant. If a merchant is not compliant with PCI DSS, the Payment Card Networks could charge the merchant additional fees and fines, and the merchant may no longer be able to process credit card transactions.
Compliance means that all requirements of the PCI DSS are met. To become certified, you must engage the services of a Qualified Security Assessor (QSA) to validate your compliance with PCI DSS. The QSA will work on identifying areas of non-compliance, and you must then remedy each area of non-compliance. Once all areas of non-compliance have been addressed, the QSA will re-evaluate and issue confirmation of compliance. If a merchant chooses to certify, the certification to PCI DSS is at the merchant's expense.
PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, intended to help organizations proactively protect customer account data.
Failure to meet the 12 PCI DSS requirements may result in fines or termination of credit card processing privileges. Below are the twelve principal requirements of PCI DSS.
You can find PCI DSS and supporting documentation at www.pcisecuritystandards.org.
All merchants must comply with the PCI DSS regardless of the volume of transactions processed or the method by which they are processed. That being said, certification requirements vary by business and are contingent upon the "Merchant Level".
PCI Rapid Comply is a simple, online compliance questionnaire that makes being compliant faster and easier.
Our PCI Rapid Comply solution is an easy-to-use online tool that can help our merchants achieve and maintain PCI DSS compliance more quickly and easily. It offers:
Step-by-step guidance to complete the annual self-assessment questionnaire (SAQ): Our step-by-step application will direct merchants to the PCI SAQ that is appropriate for their business (A, A-EP, B, B-IP, C, C-VT, P2PE or D). They can complete the SAQ with guided support, ensuring each question is answered accurately.
Fewer questions to answer, in some cases 85% fewer: With "pre-SAQ" questions, we can pre-populate the appropriate SAQ answers (often the most difficult ones), minimizing the number of questions merchants have to deal with and speeding up the SAQ completion process.
Comprehensive support that ensures your questions get answered: Have a question? With our built-in help, guides and security expertise, we can answer any PCI questions merchants may have, online via chat, through email messages, or over the phone.
Any merchant processing between 1,000,000 and 6,000,000 Visa or MasterCard transactions annually (counted per card brand).
Any merchant processing between 20,000 and 1,000,000 Visa or MasterCard e-commerce transactions annually.
Any e-commerce merchant processing fewer than 20,000 Visa or MasterCard e-commerce transactions annually.
Any merchant (regardless of acceptance channel) processing fewer than 1,000,000 Visa or MasterCard transactions annually.
For more information on the PCI security standards and the Payment Card Network Compliance Programs, review the following websites:
https://www.pcisecuritystandards.org/
https://www.visa.ca/en_CA/run-your-business/merchant-resources/merchant-security.html
https://www.mastercard.us/en-us/business/overview.html
https://www.pcisecuritystandards.org/document_library
https://www.pcisecuritystandards.org/assessors_and_solutions/give_assessor_feedback
https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors