The Payment Card Industry Data Security Standard (PCI) is a set of requirements designed to ensure that ALL entities processing, storing or transmitting credit card information maintain a secure environment to protect the integrity of cardholder data. Per PCI standards, it is the responsibility of each merchant, regardless of size, business type or number of transactions, to prove compliance with all PCI mandates. A merchant’s failure to comply with PCI standards may result in penalties, potentially including increased transaction fees, termination of processing services and/or monetary fines.

 


The full set of PCI DSS requirements can be found on the PCI Security Standards Council’s website:

https://www.pcisecuritystandards.org/pci_security

Since it is the responsibility of the major payment card brands to enforce these regulations, each brand has created compliance policies based on the PCI DSS. For details regarding specific card types, please visit the following links:

 
https://usa.visa.com/support/small-business/security-compliance.html

http://www.mastercard.com/us/sdp

 


Each merchant will be required to prove compliance with the PCI DSS by successfully completing a Self-Assessment Questionnaire and, if applicable, a vulnerability scan of all processing systems with internet connectivity. Once completed, the merchant will receive a PCI Compliance certificate valid for one year.

Each processor has implemented distinct strategies for providing certification opportunities to its merchants. Therefore, the procedures, costs and fees associated with the testing and certification process will vary.


 

 

 

 

 

 

 

 
