PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI DSS) FOR MERCHANTS
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) represents a common set of industry standards or best practices that help ensure the safe handling of sensitive information. These standards were established by the five Global Payments brands: American Express®, Discover®, MasterCard®, JCB® and Visa®. PCI DSS is a set of 12 comprehensive requirements; common sense steps that mirror best practices and provide a framework for a secure payment environment. PCI DSS compliance validation is required for all merchants that process store or transmit payment card data, regardless of size or point-of-sales (POS) solution. A merchant’s processing volume, card-handling processes and processing environment determine which PCI DSS requirements apply to their business.
PCI DSS Merchant Categories
Level 1
| CATEGORY | DESCRIPTION |
|---|---|
|
Any merchant (regardless of acceptance channel) processing over 6,000,000 Visa or MasterCard transactions per year. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. Any merchant that either Visa or MasterCard, in their sole discretion, determine should meet the Level 1 merchant requirements to minimize risk to the system |
|
|
Level 2 |
Any merchant (regardless of acceptance channel) processing 1,000,000 to 6,000,000 Visa or MasterCard transactions per year. |
|
Level 3 |
Any merchant processing 20,000 to 1,000,000 Visa or MasterCard ecommerce transactions per year. |
|
Level 4 |
Any merchant processing fewer than 20,000 Visa or MasterCard ecommerce transactions per year, and all other merchants (regardless of acceptance channel) processing up to 1,000,000 Visa or MasterCard transactions per year. |
PCI DSS Compliance Requirements
| GOALS | |
|---|---|
|
Build and Maintain a Secure Network |
1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
|
Protect Card Data |
3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks |
|
Maintain a Vulnerability Management Program |
5. Use and regularly update anti-virus software or programs 6. Develop and maintain secure systems and applications |
|
Implement Strong Access Control Measures |
7. Restrict access to cardholder data by business need to know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data |
|
Regularly Monitor and Test Networks |
10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes |
|
Maintain an Information Secure Policy |
12. Maintain a policy that addresses information security for all personnel |
Why Comply
PCI DSS is also a critical component in securing your customers’ payment card data and safeguarding your business. Compliance helps you create and maintain a positive image and enhance consumer confidence. Failure to comply can result in fines, cancelled accounts and reputational impacts to your business.
How To Comply
To begin the compliance process you will need to engage the services of a Qualified Security Assessor (QSA). A QSA is a data security firm that has been trained and is certified by the PCI Security Standards Council to assess compliance to the PCI DSS. To further assist you, Global Payments has partnered with ControlScan for the provision of PCI compliance services. ControlScan has extensive PCI experience. Since 2001, they have helped over one million merchants, having developed methods and expert tools that simplify PCI compliance. As a QSA and Approved Scanning Vendor (ASV), ControlScan assists merchants in validating compliance and implementing the PCI Data Security Standard. ControlScan is certified to perform PCI scans, onsite PCI audits, payment application software audits, point-of-sale terminal security audits, penetration tests and forensic analysis to help prevent and assess card data compromises. As technology and card processing situations change, ControlScan can help merchants achieve and maintain PCI compliance.
Questions?
Should have any questions regarding the PCI DSS requirements or compliance process, please contact a Global Payments representative at 1-800-361-8170, a member of Global Payments’ Canadian compliance department at cdn.pcicompliance@globalpay.com, or ControlScan at 1-888-365-0962.
For additional information on PCI DSS, you may wish to refer to the following resources:
Social
Global Payments Direct, Inc. is a registered ISO of Wells Fargo Bank, N.A., Concord, CA.
Global Payments Direct, Inc is a registered ISO of BMO Harris Bank N.A.
© 2020 Global Payments Inc. All rights reserved. Terms of Use Accessible Customer Service Policy Privacy Statement