Global Payments Level 4 Merchants PCI DSS Program

The Payment Card Industry Data Security Standard (PCI DSS) is a globally adopted industry standard that sets out the procedures that must be complied with to ensure the safe storage, processing and transmission of payment card data.

For detailed information on how to become PCI DSS compliant, please visit the PCI DSS website and enter the 'For Merchant' section, where you will find all of the information you require, including how to find a locally based Qualified Security Assessor (QSA) to help you through the process.

What is PCI DSS - Payment Card Industry Data Security Standard?

The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. Initially created by aligning Visa's Account Information Security (AIS)/Cardholder Information Security (CISP) programs with MasterCard's Site Data Protection (SDP) program, the standard provides an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents. The updated version, version 1.1, developed by the founding members of the PCI Security Standards Council, became effective with the launch of the PCI Security Standards Council.

Why is customer card data security important to merchants?

The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 by the major card brands (Visa, MasterCard, American Express, Discover Financial Services, JCB International). All businesses that process, store, or transmit payment card data are required to implement the standard to prevent cardholder data theft.

Your business depends on your reputation and integrity. Ensuring cardholder data is secure will allow you to continue to grow your business while maintaining the integrity of your reputation. A security incident at your merchant location could result in loss of sales, reputational damage and increased costs due to fines.

Who are those merchants that need to be PCI DSS compliant?

The PCI DSS applies to all Level 4 Merchants, though all merchants are required to be compliant. Level 4 Merchants are all merchants, regardless of acceptance channel, processing fewer than 20,000 MasterCard or Visa ecommerce transactions per year, and all other merchants processing up to 1 million MasterCard or Visa transactions per year.

What are the benefits of being PCI DSS compliant?

  • Reduce the risk of possible fines imposed by the Card Schemes if you ever have a security breach.
  • Avoid loss of reputation. Compliance is an ongoing process, not a one-time event. It helps prevent security breaches and theft of payment card data, not just today, but in the future.
  • Your systems will be certified to be secure, and customers can trust you with their sensitive payment card information.

More PCI DSS Compliance Options?

Merchants do not have to choose the Program, but merchants must achieve and maintain PCI DSS compliance. Essentially merchants have three options:

  • Option 1: Through an alternative Qualified Security Assessor (QSA).
  • Option 2: Complete a Self-Assessment Questionnaire (SAQ) - non-scanning merchants only.
  • NOTE: If merchants choose one of the above options, they will have to provide evidence of their compliance to SecurityMetrics™ to avoid the monthly $50 Non-compliance Fee*

  • Option 3: Fail to comply - Pay the monthly non-compliance charge and increase your risk of unlimited fines.