Security you can trust is essential to any business that accepts electronic payments.
The card brands (American Express, Discover, MasterCard, Visa) jointly established the Payment Card Industry Data Security Standard (PCI DSS), through the PCI Security Standards Council, and enforce it to protect cardholder data.
All businesses that accept credit or debit cards are required to comply with PCI DSS. The following facts about PCI compliance will help you and your business prepare for the required standards.
What is PCI DSS?
PCI DSS is the set of security requirements developed by the card brands to protect cardholders, merchants and acquiring banks from data breaches.
PCI DSS Summary (the six control objectives):
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Compliance with PCI DSS reduces the likelihood and cost of a breach, which protects your reputation with customers and, in turn, your sales.
PCI Compliance Steps
Validation requirements differ based on the number of transactions a business processes each year (its merchant level) and on its card processing environment. Depending on your POS environment, you may need to complete a Self-Assessment Questionnaire (SAQ) and have quarterly external vulnerability scans performed by an Approved Scanning Vendor (ASV).
The SAQ is a set of yes/no questions that establishes how you accept and process cards and which PCI DSS requirements apply to you. The quarterly ASV scans test your Internet-facing systems for known vulnerabilities; an unpatched or misconfigured system exposed in this way is how attackers get in to steal cardholder data, leading to a data compromise. Premier Payments also works with you to complete or review your PCI DSS SAQ.
Dial-up Terminal Merchants
Merchants using standalone dial-up terminals, such as those made by Verifone, Lipman/Nurit and Ingenico, only need to complete Self-Assessment Questionnaire (SAQ) type B, provided the terminal is not connected to the Internet and no cardholder data is stored electronically.
Dial-up terminals are loaded by the merchant account provider with the processor's payment application, which is built to meet the PCI DSS requirements that apply to it; the merchant remains responsible for the SAQ B controls around the terminal. The terminal does not retain prohibited data after authorization: the full magnetic-stripe track data, or the card-validation code (the 3-digit number on the back of the card, or the 4-digit number on the front of an American Express card) that is sometimes required for key-entered transactions.
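The "prohibited data" rule above is the one that most often trips merchants up in practice, because it is violated by logs, crash dumps and spreadsheets rather than by the terminal itself. The following scanner is an added example written for this page, not code from Premier Payments or any terminal vendor: it walks text lines looking for magnetic-stripe track 1 and track 2 formats, labelled card-validation codes, and bare card numbers that pass the Luhn check. The sample log lines are constructed for the example and use the industry's published test card numbers. Note that a bare PAN is not itself prohibited (PCI DSS allows it to be stored if rendered unreadable), whereas full track data and the validation code must never be retained after authorization, so the report distinguishes the two.

```python
import re
from typing import List, Tuple

# Track 2 as read from the stripe: ';' PAN '=' YYMM service-code ... '?'
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}\d{3}[^?]*\?")
# Track 1: '%B' PAN '^' name '^' YYMM service-code ... '?'
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}\d{3}[^?]*\?")
# Card-validation code stored as a labelled field (cvv=123, CVC2: 1234, cid=...)
CVV_RE = re.compile(r"(?i)\b(?:cvv2?|cvc2?|cid|cav2)\s*[=:]\s*(\d{3,4})\b")
# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample lines (not real logs); the card numbers are the
# well-known Visa, MasterCard and American Express test numbers.
SAMPLE_LINES = [
    "2024-05-01 10:02:11 auth ok pan=4111111111111111 amount=10.00",
    "2024-05-01 10:03:40 swipe raw=;5555555555554444=2512101123400000?",
    "2024-05-01 10:05:02 keyed cvv=123 pan=378282246310005",
    "2024-05-01 10:06:15 order id 1234567890123 shipped",
    "2024-05-01 10:07:58 %B4111111111111111^DOE/JOHN^2512101?",
]


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits, as PCI DSS permits for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_prohibited(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Scan lines; return (line number, kind, masked value) for each finding.

    kind is 'track1' or 'track2' (full stripe data, never to be stored),
    'cvv' (validation code, never to be stored), or 'pan' (a Luhn-valid card
    number, which must be protected if stored at all).
    """
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, 1):
        for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
            for m in rx.finditer(line):
                hits.append((n, kind, mask_pan(m.group(1))))
        for _ in CVV_RE.finditer(line):
            hits.append((n, "cvv", "***"))
        # Remove track data already reported so its PAN is not double-counted,
        # then look for bare card numbers and confirm them with Luhn.
        scrubbed = TRACK1_RE.sub(" ", TRACK2_RE.sub(" ", line))
        for m in PAN_RE.finditer(scrubbed):
            pan = re.sub(r"[ -]", "", m.group(0))
            if luhn_ok(pan):
                hits.append((n, "pan", mask_pan(pan)))
    return hits


if __name__ == "__main__":
    for lineno, kind, value in find_prohibited(SAMPLE_LINES):
        severity = "PROHIBITED" if kind in ("track1", "track2", "cvv") else "PROTECT"
        print(f"line {lineno}: {severity} {kind} {value}")
```

Run it against exported terminal or POS logs before an SAQ: any 'track1', 'track2' or 'cvv' finding is a direct PCI DSS violation regardless of how the data is protected, while 'pan' findings tell you where Requirement 3 storage controls (truncation, hashing or strong encryption) must apply. The order-number line shows why the Luhn check matters; a 13-digit value is ignored when it is not a valid card number.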
Virtual Terminal Merchants
Merchants using a web-based virtual terminal, where staff key card details one transaction at a time into a hosted page from a dedicated computer, complete Self-Assessment Questionnaire (SAQ) type C-VT under current SAQ versions (earlier versions placed them under SAQ A, which now applies only when card data entry is fully outsourced, for example to a hosted payment page). One of the most common compliant virtual terminals is Authorize.Net.
Virtual terminal users must ensure that the gateway they use is listed as a PCI DSS validated service provider (Visa and MasterCard publish these lists). A hosted gateway is assessed against PCI DSS itself, not PA-DSS; PA-DSS (the successor to Visa's PABP program) applies to payment software installed at the merchant, such as the application running on a terminal. During validation the gateway is assessed by a Qualified Security Assessor (QSA) to confirm that all applicable PCI DSS requirements are met.