The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for ensuring the security of credit card transactions. The major credit card companies created an independent council to develop these standards to minimize identity theft and credit card fraud. Effective July 1st, 2010, any business in the world that accepts credit or debit cards is now required to be certified PCI Compliant.
Importance of PCI Compliance
First and foremost, meeting these security standards protects the sensitive financial information you gather from your customers and minimizes your risk of a security breach. If you are not certified and your business is compromised, you may be subject to fines of up to $50,000 per credit card, in addition to the expenses and fraudulent transactions resulting from the breach. Secondly, if you do not maintain your PCI compliance certificate, each credit card company may charge you a monthly fee for your lack of compliance.
Goals of PCI DSS Requirements
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Become PCI Compliant
MerchantGuy is partnered with ControlScan, a company that certifies and validates PCI compliance for merchant accounts. You can enroll with ControlScan by contacting us, and we will walk you through the process. ControlScan will identify which version of the Self-Assessment Questionnaire is right for your business, administer network scans if needed, and guide you through any necessary remediation efforts.
We recommend ControlScan because our agreement with them provides you with the least expensive and best service, as well as a $50,000 insurance policy per occurrence in the event of a merchant breach. If you would prefer to enroll with another assessor, a list of approved vendors is available on the card association web site or at pcisecuritystandards.org. If you have already been PCI DSS certified, or if you choose to use another assessor, please submit your certification documentation to us directly.
Maintain Your PCI Compliance Certificate
Your PCI compliance certificate is valid for one year from the date of issue. Each year, you must fill out a Self-Assessment Questionnaire (SAQ) and pay a fee to maintain your PCI compliance certificate. Your MerchantGuy account meets PCI DSS standards, but you must go through this process annually to retain your certificate. You will receive an email yearly from ControlScan with a link to your questionnaire. Since many of the questions are technical in nature, concerning how you currently process and handle customer credit card information, your MerchantGuy associate will be happy to walk you through the SAQ.