PCI Compliance

A Little Understanding Goes a Long Way

To ensure customer card data stays secure and to remain eligible to accept credit cards, all merchants should know a little about PCI compliance. Here's the info you need.

Common Questions About PCI Compliance

What is PCI?

PCI DSS stands for Payment Card Industry Data Security Standards. It’s a set of requirements for enhancing the security of processing, storing, and transmitting credit card information. These standards were developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc., to facilitate industry-wide adoption of consistent data security measures on a global basis.

How do I get started with PCI compliance?

The best way to become PCI compliant initially is to ensure that when you set up your merchant account, you also follow the steps outlined in your Welcome Email to log into your processor's PCI compliance portal. Once logged into the portal, use its tool and complete each step to achieve PCI compliance. For assistance, there is a PCI help desk phone number, and outside consulting companies can also help you with this important step of opening a merchant account.

How long is the PCI compliance certification valid?

The PCI compliance certificate is valid for one year from the date the certificate is issued. You are advised to complete the PCI DSS self-assessment questionnaire on an annual basis.

Will I be provided with anything that proves I am PCI compliant?

Yes. Upon completion of your PCI validation, you will receive a certificate of compliance.

I’m already using a PCI compliant terminal/gateway. Why must my account be certified for PCI compliance?

The PCI Security Standards Council has various requirements programs. The Payment Application Data Security Standards (PA-DSS) is a set of requirements to help software vendors and others develop secure payment applications that do not store prohibited data such as full magnetic stripe, CVV2, or PIN data, and ensure their payment applications support compliance with the PCI DSS.

Use of a terminal/gateway that runs PA-DSS certified software is one of many components that are evaluated in the assessment of an account’s PCI DSS compliance.

I only process a few hundred dollars a month or operate a seasonal business. Does my merchant account still need to be PCI compliant?

Yes. All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store, or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data. Small businesses are targeted by attackers as frequently as the large retailers that are consistently in the news for breaches.