What is PCI Compliance?
The Payment Card Industry (PCI) council, which includes American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc., standarised technical and security compliance programs that requires Service Providers, Banks and high-volume Merchants to follow strict security guidelines, including:
- Building and maintaining a secure network.
- Protecting cardholder data.
- Maintaining a vulnerability management program.
- Implementing strong access control measures.
- Regularly monitoring and testing networks.
- Maintaining an information security policy.
In accordance with these guidelines and with a third-party security assessment, PSP Card Services has been issued a certificate of PCI Compliance toward the requirements of the Payment Card Industry (PCI) Data Security Standards (DSS) validation methods.
Merchant complience levels as defined by Visa:
Merchant Level |
Description |
|
Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. |
2 |
Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year. |
3 |
Any merchant processing 20,000 to 1M Visa e-commerce transactions per year. |
|
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year. |
PCI Educational Resources
We invite you to explore the educational materials that best meet your level of expertise. PCI Security Council continually adding new materials in formats that address all learning modalities. As a community, we rely on your input. If you know of some great PCI educational materials from independent sources, please tell us about them and we may share them here to help our community grow. VIEW ALL MATERIALS
Who does PCI apply to?
PCI compliance applies to all businesses accepting credit and debit cards payments, regardless of their size or their nature. Even tiny merchants using a mobile app on the weekend are required to meet the PCI Standard. PCI is the world's largest security standard, as it applies to millions of merchants, processors, ATM companies and other service providers world-wide.
Why do I have to be compliant?
To avoid getting breached and losing credit card numbers! Fines imposed by the card-brands in the event of a breach can be extremely costly. In this digital age all businesses should want to protect themselves.
I've been processing for years, why now?
With the release of PCI version 3 (the newest standard), Visa and MasterCard are now requiring that all processors validate the compliance of all their merchants. To make this process easy and affordable for our merchants, we've put together a PCI program that is included as part of our merchant services.
My provider is compliant, does that mean I'm compliant?
The short answer is no. While it is crucial to use point-of-sale providers, shopping carts and payment processors that are compliant, you are still responsible for your own staff and environment. A virus-infected computer or a dishonest staff member is all it could take to have someone steal credit card numbers from your business.
If my business has multiple locations do I need to validate PCI Compliance for each location?
Unless each location processes under a different Tax ID then you are only required to validate once annually for all locations. You may also be required to submit quarterly passing network scans by a PCI SSC Approved Scanning Vendor (ASV), if applicable.
What are the penalties for noncompliance?
Noncompliance can be very costly and although the payment brands fine the acquiring bank and not the merchant directly, penalties make their way downstream and could result in increased transaction fees or even termination of the banking relationship. An acquiring bank faces anywhere from $5,000 to $100,000 per month for PCI compliance violations.