

PCI Compliance

What is PCI?
Technically, PCI stands for Payment Card Industry. PCI usually refers to the guidelines created to help ensure the security of card and customer information. The major card associations (Visa, MasterCard, Discover, Amex) developed a set of standards to help strengthen data security at the merchant level and combat credit card data compromises. These standards are the Payment Card Industry Data Security Standards (PCI DSS). Complying with PCI DSS is an industry requirement. All merchants must safeguard payment transaction data and conform to these standards.

As part of the industry initiative, all merchants must complete a Self Assessment Questionnaire (SAQ). Please follow these steps to complete your SAQ:

Step 1. Click on the letter of the SAQ from the table below that corresponds to your method of processing.
Step 2. Complete the SAQ to the best of your knowledge.
Step 3. Click on the Submit Form button in the top right corner.
Step 4. After you press the Submit Form button, a pop-up window will appear; please enter your name and email address.
Step 5. Select the email method that you normally use. If Internet email is used, you must save the document and email it as an attachment to pcisaq@centurybankcard.com. The completed SAQ may also be printed and faxed to 818-700-3106.

If you need assistance with determining which SAQ you should complete, please contact our Customer Service Department at 888-690-7555 Ext: 2. If you are in need of a hardcopy form, open the appropriate form from the table below and print.



FAQ

How does PCI DSS apply to my company?
What are the PCI DSS requirements?
What cardholder information is considered "cardholder data"?
What is the deadline for PCI DSS compliance?
What if I determine that my operations are not PCI DSS compliant?
What are the penalties for non-compliance?
Where can I find additional information on PCI?
What if I've already completed an SAQ with my previous processor?
What if I have more questions that are not listed here?

 

SAQ Version Table and SAQs
The PCI DSS Self Assessment Questionnaire (SAQ) is a tool designed to assist merchants in determining their level of compliance. The SAQ version to be used is dependent upon the method of card acceptance. Outlined below are the different SAQ validation types, which correspond to the appropriate SAQ version.

Merchant Type | Description | Form to be Completed
1 | Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. | This SAQ should be used by merchants who process 100% non face-to-face transactions. This would include merchants whose customers enter their payment information into vendor systems (ex: Authorize.Net, Verisign, NetBilling, etc.).
2 | Imprint-only merchants with no electronic cardholder data storage. | This Validation Type applies to those merchants who take card information manually and subsequently submit transactions for processing by phone via the Automated Response Unit (ARU).
3 | Stand-alone terminal merchants, no electronic cardholder data storage. | This SAQ should be used by those merchants who take any amount of face-to-face transactions and swipe or key card information into a terminal, software or gateway.


If your method of processing does not match any of the above, please call our Customer Service Department at 888-690-7555 Ext: 2.

Click Here for the SAQ Instructions and Guidelines Document



How does PCI DSS apply to my company?
PCI DSS applies to all entities that accept, process, store, and/or transmit transaction information. Requirements apply regardless of company size or volume of transactions. To put it simply, if a card or card number is accepted and/or processed for payment, PCI DSS applies to your business.

What are the PCI DSS requirements?

The PCI DSS requirements are overseen by the PCI Security Standards Council, an organization formed in 2006 by the major card brands. Requirements are available on the PCI Security Standards Council's website (link provided below). Also, Century Bankcard Services provides the Self Assessment Questionnaire (SAQ) to assist you in determining your current status of compliance.

What cardholder information is considered "cardholder data"?

Cardholder data pertains to more than simply the card account number. Any personally identifiable information that is associated with your customer is considered cardholder data. This includes, but may not be limited to, the card account number, expiration date, Card Verification Value, cardholder's billing and shipping addresses, Social Security Number, etc.

What is the deadline for PCI DSS compliance?

Compliance with PCI DSS requirements is mandatory now. Century Bankcard Services will continue to provide assistance and keep you informed of current and updated information on PCI DSS requirements.

What if I determine that my operations are not PCI DSS compliant?

If after review of the PCI DSS guidelines it is determined that your business is not yet compliant, please contact our Customer Service Department at the number listed below for assistance. You may wish to obtain assistance in bringing your organization up to PCI standards from a Qualified Security Assessor and/or Approved Scanning Vendor. You may access the current list for each from the links provided below.

What are the penalties for non-compliance?

Century Bankcard Services is not imposing any PCI non-compliance fine at this time. However, it is essential to keep in mind that should any type of breach occur, it could potentially cost a business thousands upon thousands of dollars. These expenses could include compliance fines handed down from the card associations as well as the costs to replace the cards involved and the fraudulent usage resulting from those cards. Therefore, complying with the mandated PCI requirements to help ensure security may save your company from these highly costly issues.

QSA Compliant Verification
 

If your business has already completed a verification process with a Qualified Security Assessor (QSA), please submit a completed Report on Compliance or Report on Validation. You may submit the form to us via email, fax or postal mail using the contact information below. If you do not have either of these documents, please provide the completed report or other acknowledgement provided to you by your QSA. Upon verification, your merchant account will be removed from the program and refunded the annual PCI fee.

Additional Information and Links on PCI

Each of the major card brands maintains its own set of regulatory data security requirements. Along with the link to the PCI SSC, below you may access each program's specific guidelines. Also provided for your support is a glossary of PCI DSS terminology.

PCI Security Standards Council
Visa
MasterCard
Discover
American Express
PABP List
Glossary (Global)

QSA List

Contact Us

Email: PCIQuestions@centurybankcard.com
Fax: (818) 700-3106
Mail: Century Bankcard Services
9310 Topanga Canyon Boulevard, Suite #200
Chatsworth, CA 91311
Phone: (888) 690-7555, option #2
8 a.m. - 5 p.m. PST, Monday through Friday

Century Bankcard Services is a registered ISO and MSP of HSBC Bank, USA, National Association, Buffalo, NY. © 2009 All Rights Reserved