What every merchant needs to know about PCI Compliance.
Here are the basic questions we are always asked –
- How do I get compliant? Contact your credit card company and get set up to do a SAQ. The SAQ is the Self-Assessment Questionnaire that every merchant is required to complete; it is mandated by the card brands. Most companies have a portal where you log in and enter the information, and if you need help there is always a toll-free number you can call for assistance.
- I have a computer POS system, what do I do? Answer the questions and get set up for a scan – any merchant whose system uses the internet must have that system scanned.
- What happens if we get breached? Some companies offer assistance or breach coverage so you are not out of pocket for the fines.
- My computer point-of-sale system is running Windows XP. That product is not compliant, and you need to find out how to get it upgraded or get a new system.
Below we outline more info about PCI – everything you wanted to know about PCI compliance and we know you did not want to ask!
The PCI Data Security Standards are a set of requirements created by the PCI Security Standards Council. You can download the exact specification HERE. The Council was founded by the five major card brands: VISA, MasterCard, American Express, Discover, and JCB. This industry consortium mandates the handling of credit card information, the classification of merchants, and the validation of merchant compliance. As a merchant, you are responsible for the security of cardholder data and must be careful not to store certain types of data on your systems or on the systems of your third-party service providers. You are also responsible for any damages or liability that may result from a data security breach or other non-compliance with the PCI Data Security Standards. The information security principles in these standards are best practices drawn from the National Institute of Standards and Technology (NIST) and from internationally recognized standards for information security.
Below is a list of websites explaining in more detail the PCI requirements and expectations of the following providers.
Every year you must complete your SAQ – PCI Self Assessment Questionnaire.
PAI Secure –
PAI Secure is a four-step program created by PAI in recognition of the risks posed to all of our customers. The program will help your business comply with the Payment Card Industry (PCI) Data Security Standard (DSS) requirements and protect you (the business owner) in the event of a data breach.
- Manual Option Self-Assessment Questionnaire
- Data Breach Indemnification
- Network IP Scans
- Automated Self-Assessment Questionnaire Management
Why do I need PAI Secure?
- Are you aware that you are prohibited from storing any cardholder magnetic stripe data?
- Did you know there are security requirements for storage of any cardholder information?
- Do you have a written and communicated policy for data security?
- ALL POS manufacturers are now required to have their terminals and applications certified and listed on the Visa Payment Application Best Practices (PABP) report. Is your equipment PCI compliant?
- If your software version is not listed, your system is probably not compliant.
- Does your system store cardholder data without your knowledge?
- Can you afford a forensic audit costing an average of $10,000 with resulting fines of $25,000 or more?
If you answered “no” or “I don’t know” to any of the questions above, we have the solution for you!
Even if you are aware of the requirements above, keeping up with the ever-evolving world of PCI DSS is difficult at best. PAI Secure is a one-stop solution for keeping you up to date on all of the requirements and providing the resources to maintain compliance.
Go to our Contact page or call Toll-Free 1-866-677-2265 and a Nationwide Payment Systems – Payments Professional can go over your specific needs and find you the right solutions together.