The Payment Card Industry Data Security Standard (PCI DSS) is a mandated set of requirements designed to ensure that ALL entities processing, storing or transmitting credit card information maintain a secure environment to protect the integrity of cardholder data.

Effective July 2010, it is the responsibility of each merchant (any entity accepting payment cards branded as MasterCard, Visa, American Express or Discover, including debit, credit and pre-paid cards) to prove compliance with all PCI DSS mandates. PCI DSS mandates apply to all organizations or merchants, regardless of size or number of transactions.

A merchant’s failure to comply with PCI DSS mandates may result in penalties, potentially including increased transaction fees, termination of processing services and/or monetary fines.

 


The full set of PCI DSS requirements can be found on the PCI Security Standards Council’s website:

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Since it is the responsibility of the major payment card brands to enforce these regulations, each brand has created compliance policies based on the PCI DSS standards. For details regarding specific card types, please visit the following links:

 
http://usa.visa.com/merchants/risk_management/cisp.html
     
 
http://www.mastercard.com/us/sdp/index.html

 


Each merchant will be required to prove compliance with the PCI DSS by successfully completing a Self-Assessment Questionnaire and, if applicable, a vulnerability scan of all processing systems with internet connectivity. Once completed, the merchant will receive a PCI Compliance certificate valid for one year.

Each processor has implemented distinct strategies for providing certification opportunities to its merchants. Therefore, the procedures, costs and fees associated with the testing and certification process will vary.


 

 

 

 

 

 

 

 
