Payment Card Industry Data Security Standards (PCI DSS) for Merchants
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a common set of industry standards and best practices that help ensure the safe handling of sensitive payment information. These standards were established by the five global payment brands: American Express®, Discover®, MasterCard®, JCB® and Visa®. PCI DSS consists of 12 comprehensive requirements: common-sense steps that mirror security best practices and provide a framework for a secure payment environment. PCI DSS compliance validation is required for all merchants that process, store or transmit payment card data, regardless of size or point-of-sale (POS) solution. A merchant's processing volume, card-handling processes and processing environment determine which PCI DSS requirements apply to its business.
PCI DSS Merchant Categories
Level 1
- Any merchant (regardless of acceptance channel) processing over 6,000,000 Visa or MasterCard transactions per year
- Any merchant that has suffered a hack or an attack that resulted in an account data compromise
- Any merchant that either Visa or MasterCard, in their sole discretion, determine should meet the Level 1 merchant requirements to minimize risk to the system

Level 2
- Any merchant (regardless of acceptance channel) processing 1,000,000 to 6,000,000 Visa or MasterCard transactions per year

Level 3
- Any merchant processing 20,000 to 1,000,000 Visa or MasterCard ecommerce transactions per year

Level 4
- Any merchant processing fewer than 20,000 Visa or MasterCard ecommerce transactions per year, and all other merchants (regardless of acceptance channel) processing up to 1,000,000 Visa or MasterCard transactions per year
PCI DSS Compliance Requirements
|GOALS|PCI DSS REQUIREMENTS|
|---|---|
|Build and Maintain a Secure Network||
|Protect Cardholder Data||
|Maintain a Vulnerability Management Program||
|Implement Strong Access Control Measures||
|Regularly Monitor and Test Networks||
|Maintain an Information Security Policy||
PCI DSS is also a critical component in securing your customers' payment card data and safeguarding your business. Compliance helps you create and maintain a positive image and enhance consumer confidence. Failure to comply can result in fines, cancelled accounts and reputational impacts to your business.
How to Comply
To begin the compliance process you will need to engage the services of a Qualified Security Assessor (QSA). A QSA is a data security firm that has been trained and certified by the PCI Security Standards Council to assess compliance with the PCI DSS. To further assist you, Global Payments has partnered with SecurityMetrics for the provision of PCI compliance services.
SecurityMetrics has extensive PCI experience. Since 2001, they have helped over one million merchants, having developed methods and expert tools that simplify PCI compliance. As a QSA and Approved Scanning Vendor (ASV), SecurityMetrics assists merchants in validating compliance and implementing the PCI Data Security Standard. SecurityMetrics is certified to perform PCI scans, onsite PCI audits, payment application software audits, point-of-sale terminal security audits, penetration tests and forensic analysis to help prevent and assess card data compromises. As technology and card processing situations change, SecurityMetrics can help merchants achieve and maintain PCI compliance.
Should you have any questions regarding the PCI DSS requirements or the compliance process, please contact a Global Payments representative at 1-800-361-8170, a member of Global Payments' Canadian compliance department at email@example.com, or SecurityMetrics at 1-877-364-9172.
For additional information on PCI DSS, you may wish to refer to the following resources: