The What’s, Who’s & Why’s of PCI Compliance
What is PCI? The Payment Card Industry Data Security Standard (PCI DSS) is a set of rules regulated and mandated by the major credit card associations (Visa, MasterCard, Discover Card and American Express). These rules are passed on to consumers as well as to every company in the processing chain. To reduce the risk of lost, stolen or otherwise exposed sensitive cardholder data, all entities that accept credit cards are required to maintain this compliance.

What does PCI mean to me? All merchants who accept credit cards as a form of payment for services or goods must have a program in place, whether it is at the merchant level or at the processor’s level. Both entities must abide by the regulations set by the card associations to assure that all cardholder data is always in a secure environment.

Who is at risk? Any merchant who accepts credit cards, from the biggest corporations to the smallest “mom & pop” shops, is vulnerable to a security breach. Food and beverage merchants accounted for 57% of breached entities, followed by retailers at 18%, hospitality merchants at 10%, and government and financial companies, each with 6%. Hospitality was the leader in 2009, but Trustwave* noted that a major organized crime group that earlier targeted mainly hotels expanded its focus to restaurants in 2010. This ring may have been involved in 36% of the breaches.

Who else is billing this? Leaders in the payments industry are focusing on the most serious vulnerabilities and on where technology solutions can do the most good for the lowest cost. So regardless of the processor, the technology and compliance applications are a requirement. We are mindful that, while security is necessary, it does not significantly add to a merchant's ability to sell more goods and services. Without good security, however, a merchant's ability to sell can certainly be affected.

Why a PCI Fee? Visa strongly encourages payment application vendors such as Century Bankcard Services to develop their products to conform to the PCI DSS standards. These applications help merchants and agents to mitigate compromise, prevent storage of sensitive cardholder data, and support overall compliance with PCI DSS. Since cost is a large factor in choosing technology, most smaller merchants choose public lines. However, "Risk" is a trade-off for "Cost", and we at Century Bankcard Services will strive to always uphold our end to assure that cardholder data is never at risk.

Our solution is to use the additional technology to remain compliant, while keeping our cost reasonable for all.
*Trustwave: The leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world. www.Trustwave.com
Click the following link for an interesting article that outlines what happens to merchants and their customers who are not protected with PCI Compliance:
www.Boston.com


Technically, PCI stands for Payment Card Industry. PCI usually refers to the guidelines created to help ensure the security of card and customer information. The major card associations (Visa, MasterCard, Discover, Amex) developed a set of standards to help strengthen data security at the merchant level and combat credit card data compromises. These standards are the Payment Card Industry Data Security Standards (PCI DSS). Complying with PCI DSS is an industry requirement. All merchants must safeguard payment transaction data and conform to these standards.

As part of the industry initiative, all merchants must complete an SAQ. Please follow these steps to complete your SAQ:

Step 1. Click on the letter of the SAQ from the table below that corresponds to your method of processing.
Step 2. Complete the SAQ to the best of your knowledge.
Step 3. Click on the Submit Form button in the top right corner.
Step 4. After pressing the Submit Form button, a pop-up window will appear; enter your name and email address.
Step 5. Select the email method that you normally use. If Internet email is used, you must save the document and email it as an attachment to pcisaq@centurybankcard.com. The completed SAQ may also be printed and faxed to 818-337-2140.

If you need assistance in determining which SAQ you should complete, please contact our Customer Service Department at 888-690-7555 Ext: 2.
If you need a hardcopy form, open the appropriate form from the table below and print it.

SAQ Version Table and SAQs
The PCI DSS Self Assessment Questionnaire (SAQ) is a tool designed to assist merchants in determining their level of compliance. The SAQ version to be used depends on the method of card acceptance. Outlined below are the different SAQ validation types, each of which corresponds to a particular SAQ version.

Merchant Type 1
Description: Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants.
Form to be Completed: This SAQ should be used by merchants who process 100% non-face-to-face transactions. This includes merchants whose customers enter their payment information into vendor systems (e.g. Authorize.Net, Verisign, NetBilling, etc.).

Merchant Type 2
Description: Imprint-only merchants with no electronic cardholder data storage.
Form to be Completed: This Validation Type applies to merchants who take card information manually and subsequently submit transactions for processing by phone via the Automated Response Unit (ARU).

Merchant Type 3
Description: Stand-alone terminal merchants, no electronic cardholder data storage.
Form to be Completed: This SAQ should be used by merchants who take any amount of face-to-face transactions and swipe or key card information into a terminal, software or gateway.

If your method of processing does not match any of the above, please call our Customer Service Department at 888-690-7555 Ext: 2.
Click Here for the SAQ Instructions and Guidelines Document
How does PCI DSS apply to my company?
PCI DSS applies to all entities that accept, process, store, and/or transmit transaction information. Requirements apply regardless of company size or volume of transactions. To put it simply, if a card or card number is accepted and/or processed for payment, PCI DSS applies to your business.

What are the PCI DSS requirements?
The PCI DSS requirements are overseen by the PCI Security Standards Council, an organization formed in 2006 by the major card brands. Requirements are available on the PCI Security Standards Council's website (link provided below). Also, Century Bankcard Services provides the Self Assessment Questionnaire (SAQ) to assist you in determining your current status of compliance.

What cardholder information is considered "cardholder data"?
Cardholder data pertains to more than simply the card account number. Any personally identifiable information that is associated with your customer is considered cardholder data. This includes, but may not be limited to, the card account number, expiration date, Card Verification Value, cardholder's billing and shipping addresses, Social Security Number, etc.

What is the deadline for PCI DSS compliance?
Compliance with PCI DSS requirements is mandatory now. Century Bankcard Services will continue to provide assistance and keep you informed of current and updated information on PCI DSS requirements.

What if I determine that my operations are not PCI DSS compliant?
If, after review of the PCI DSS guidelines, you determine that your business is not yet compliant, please contact our Customer Service Department at the number listed below for assistance. You may wish to obtain help in bringing your organization up to PCI standards from a Qualified Security Assessor and/or an Approved Scanning Vendor. You may access the current list of each from the links provided below.

What are the penalties for non-compliance?
Century Bankcard Services is not imposing any PCI non-compliance fine at this time. However, it is essential to keep in mind that should any type of breach occur, it could potentially cost a business thousands upon thousands of dollars. These expenses could include compliance fines handed down from the card associations as well as the costs to replace the cards involved and the fraudulent usage resulting from those cards. Therefore, adhering to the mandated PCI requirements to help ensure security may save your company from these highly costly issues.

QSA Compliant Verification
If your business has already completed a verification process with a Qualified Security Assessor (QSA), please submit a completed Report on Compliance or Report on Validation. You may submit the form to us via email, fax or postal mail using the contact information below. If you do not have either of these documents, please provide the completed report or other acknowledgement given to you by your QSA. Upon verification, your merchant account will be removed from the program and refunded the annual PCI fee.

Additional Information and Links on PCI
Each of the major card brands maintains its own set of regulatory data security requirements. Along with the link to the PCI SSC, you may access each program's specific guidelines below. A glossary of PCI DSS terminology is also provided for your support.

PCI Security Standards Council
Visa
MasterCard
Discover
American Express
PABP List
Glossary (Global)
QSA List

Contact Us
Email: PCIQuestions@centurybankcard.com
Fax: (818) 700-3106
Mail: Century Bankcard Services
9310 Topanga Canyon Boulevard, Suite #200
Chatsworth, CA 91311
Phone: (888) 690-7555, Ext: 2
8 a.m. - 5 p.m. PST, Monday through Friday
Century Bankcard Services is a registered ISO/MSP of HSBC Bank USA, National Association, Buffalo, NY
Century Bankcard Services is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA