We are excited to announce that we have partnered with a third-party vendor to provide an easy-to-use tool for greater success in achieving PCI compliance. Our PCI Compliance Program partner is ControlScan, an Approved Scanning Vendor (ASV) recognized by the PCI DSS Council. They are a leading ASV provider of PCI Compliance solutions for small and medium-sized merchants. Their easy-to-use Smart SAQ Tools make achieving compliance less complicated. To access and validate your account, please visit www.mycontrolscan.com. Log in using the username and password provided in the notification you received, or contact us.
PCI Frequently Asked Questions:
What is PCI?
The Payment Card Industry (PCI) Data Security Standards are a set of rules regulated and mandated by the major credit card associations (Visa, MasterCard, Discover Card and American Express). These rules are passed on to consumers as well as to all companies in the processing chain. To reduce the risk of lost, stolen or otherwise exposed sensitive cardholder data, compliance is required of all entities that accept credit cards.
What does PCI mean to me?
All merchants who accept credit cards as a form of payment for services or goods must have a program in place, whether at the merchant level or at the processor’s level. Both entities must abide by the regulations set by the card associations to ensure that all cardholder data is always kept in a secure environment.
Who is at risk?
Any merchant who accepts credit cards, from the biggest corporations to the smallest “mom & pop” shops, is vulnerable to a security breach. Food and beverage merchants accounted for 57% of breached entities, followed by retailers at 18%, hospitality merchants at 10%, and government and financial companies at 6% each.
Who else is billing this?
Leaders in the payments industry are focusing on the most vulnerable areas and on where technology solutions can do the most good for the lowest cost. So, regardless of the processor, the technology and compliance applications are a requirement. We are mindful that, while security is necessary, it does not significantly add to a merchant’s ability to sell more goods and services. Without good security, however, a merchant’s ability to sell can certainly be affected.
Why a PCI Fee?
The Card Brands strongly encourage payment application vendors such as Pace Payment Systems to develop their products to conform to the PCI-DSS standards. These applications help merchants and agents mitigate compromise, prevent storage of sensitive cardholder data, and support overall compliance with PCI-DSS standards. Since cost is a large factor in choosing technology, most smaller merchants choose public lines. However, “Risk” is a trade-off for “Cost”, and we at Pace Payment Systems will always strive to maintain and uphold our end to ensure that cardholder data is not at risk.
How does PCI DSS apply to my company?
PCI DSS applies to all entities that accept, process, store, and/or transmit transaction information. Requirements apply regardless of company size or volume of transactions. To put it simply, if a card or card number is accepted and/or processed for payment, PCI DSS applies to your business.
What are the PCI DSS requirements?
The PCI DSS requirements are overseen by the PCI Security Standards Council, an organization formed in 2006 by the major card brands. Requirements are available on the PCI Security Standards Council’s website (link provided below). Also, Pace Payment Systems provides access to the Self-Assessment Questionnaire (SAQ) to assist you in determining your current status of compliance.
What cardholder information is considered cardholder data?
Cardholder data pertains to more than simply the card account number. Any personally identifiable information that is associated with your customer is considered cardholder data. This includes, but may not be limited to, the card account number, expiration date, Card Verification Value, cardholder’s billing and shipping addresses, Social Security Number, etc.
What are the penalties for non-compliance?
It is essential to keep in mind that should any type of breach occur, it could potentially cost a business thousands upon thousands of dollars. These expenses could include compliance fines handed down from the card companies, as well as the costs of replacing the cards involved and the fraudulent usage resulting from those cards. Compliance with the mandated PCI requirements helps ensure security and may save your company from these highly costly issues. You are required to submit validation of compliance annually to Pace Payment Systems. A non-compliance fee will be assessed to your account monthly until your account is in compliance. The tools for validating compliance are included on this website (see above). Each of the major card brands maintains its own set of regulatory data security requirements. Along with the link to the PCI SSC, below you may access each program’s specific guidelines. A glossary of PCI DSS terminology is also provided for your support.