The card industry is increasingly concerned about the security of customer card data, especially with the number of data breaches on the
We believe it is important, now more than ever, for all merchants to become Payment Card Industry Data Security Standard (PCI DSS) compliant.
We have developed a product called Global Fortress, designed as a first line of defence to help you ensure you’re securely processing customer card
data in accordance with the payment industry mandated requirements. It simplifies the process for you to achieve and maintain PCI DSS compliance, by
giving you access to the resources you need to protect your customer card data.

Who is Global Fortress for?
All 4 merchants, defined by the Card Schemes as those merchants processing less than 1 million Visa or MasterCard transactions a year.

About Global Fortress:

Customer card data is essentially the personal, sensitive data, stored on or in the card that is key to making a transaction. All too often this is easily accessible once the card has been accepted by the merchant.

If you do not protect this data properly, fraudsters may find system vulnerabilities and hack in to steal it. We really don’t want you to be a victim of unauthorised access, suffer damage to your reputation or face fines imposed by the Card Schemes, so we have created Global Fortress to assist you in your PCI DSS compliance journey.

Global Fortress is available to you from as little as £3.50* per month per merchant ID (plus VAT, where applicable), which will be invoiced monthly in arrears.

* Prices correct as of Jan 2014. Global Fortress fees start from £3.50 per merchant ID per month (plus VAT, where applicable) where no vulnerability scans are required. If vulnerability scans are required, the fee is £7.00 per merchant ID per month (plus VAT, where applicable), allowing unlimited scanning of up to 3 URLs per merchant ID. If additional scans are required, you will need to pay an additional fee direct to SecurityMetrics™.
  • The Benefits of Global Fortress

    • A one-stop shop of resources to help you achieve PCI DSS compliance.
    • Access to SecurityMetrics™, our Qualified Security Assessor (QSA) partner for this product
    • Gives you the support you require to achieve PCI DSS compliance and avoid monthly non-compliance charges.
    • Reduces the risk of possible fines imposed by the Card Schemes.
    • When you sign up to Global Fortress, the remainder of the current month is free.
    • Access to SecurityMetrics™ PANscan™ - a simple to use tool that will help ensure you aren't storing customer card data.
    • Merchants with 6 or more merchant IDs may be offered a bespoke pricing option.
  • Why Should You Care If Your Customer Card Data Is Secure Or Not?

    If the customer card data you process isn’t held safely and securely, it could be stolen!

    If this were to happen, theft of your customer card data could cost you:
    • Loss of business
    • Loss of sales
    • Adverse reputational issues
    • Bad publicity
    • Card Scheme fines - likely to be at least £10,000 and are potentially unlimited. For example, one of our merchants was fined £100,000 as a result of a data breach.
    • Costs of corrective measures, which include forensic investigation costs – can be tens of thousands of pounds
    • Significant inconvenience
  • Avoid A Monthly Non-compliance Charge

    The cost and impact of data breaches has increased significantly due to merchants not adequately protecting their customer card data. As a result, we now require you to achieve PCI DSS compliance.

    If you fail to achieve and maintain PCI DSS compliance, we will apply a monthly non-compliance charge per merchant ID. We will advise you when this applies to you and provide at least two months notice.

    If you remain non-compliant, we will apply the monthly non-compliance charge for each month you remain non-compliant. The charge will be applied the following month in arrears and is non refundable.

Alternatives to Global Fortress

You don't have to choose Global Fortress, but you must achieve and maintain PCI DSS compliance. Essentially you have three options:

Option 1:Through an alternative Qualified Security Assessor (QSA).

Option 2:Complete a Self Assessment Questionnaire (SAQ) - non scanning merchants only.

If you choose one of the above options you will have to provide evidence of your compliance to us.*

Option 3: Fail to comply - Pay the monthly non-compliance charge and increase your risk of unlimited fines.

*You will not be compliant with the PCI DSS requirements until Global Payments has received and registered your compliance status with the Card Schemes. Until we receive this, you will be charged the monthly administrative fee and the monthly non-compliance charge.

Please send copies of your completed documentation to us at:

PCI DSS Compliance Programme Global Payments 51 De Montfort Street Leicester LE1 7BB