PCI DSS Compliance
PCI DSS, the Payment Card Industry Data Security Standard, is designed to give credit and payment card customers a high level of trust. The standard applies to every company that processes, stores or transmits card and related customer information. IRN Payment Systems is committed to maintaining this standard of trust and security.
According to Visa®, during the last two years more than 80% of all known cases of identity theft occurred in smaller businesses. In response, the major credit card companies came together to develop the Payment Card Industry Data Security Standard (PCI DSS) for merchants.
PCI DSS defines four merchant levels. Many of our merchants, for example, are Level 4 Merchants. A Level 4 Merchant is a merchant that processes fewer than 1MM (1 million) Visa® or MasterCard® transactions, or fewer than 20,000 Visa® or MasterCard® ecommerce transactions.
The Payment Card Industry mandates that all merchants be certified under the Data Security Standard. However, many companies have found implementing the PCI DSS requirements confusing. As a result, many companies do not yet meet PCI DSS requirements and face regulatory fines as well as potentially crippling losses of customer data, and of customer trust.
IRN Payment Systems has partnered with MindTeck, a leading provider of PCI DSS compliance services. MindTeck has made the certification process simple through its on-line service, SimplyPCI. Please click on the SimplyPCI icon to begin your certification process. SimplyPCI will assist you with easy-to-follow questionnaire forms that guide you through the process. If you have any questions, don’t hesitate to call us at (800) 366-1388 and ask for our Customer Service Department.
FAQ:
→ To whom does the Payment Card Industry Data Security Standard Compliance Program apply?
The program encompasses all merchants and third-party service providers that store, process, or transmit cardholder data.
→ What are the benefits of being in compliance with the Payment Card Industry Data Security Standard?
It is good business practice to adhere to the PCI standard and protect cardholder information. Additionally, Visa®, MasterCard®, and Discover® Network may impose fines on their member banking institutions when merchants do not comply with the PCI Data Security Standard.
→ What is "cardholder data"?
Cardholder data is any personally identifiable data associated with a cardholder. This could be a name, address, account number, expiration date, social security number, etc. The account number is the critical component that makes the PCI Data Security Standard applicable. The PCI Data Security Standard applies to all cardholder data stored, processed, or transmitted.
→ Are Level 4 merchants ever required to validate their compliance?
Yes. If a Level 4 merchant is deemed to be a "High Risk" merchant, they are required to validate compliance with the PCI Data Security Standard.
→ What is a "High Risk" merchant?
Currently, merchants that are known to use non-compliant payment applications (applications known to store magnetic stripe data, Cardholder Verification Value (CVV), Cardholder Verification Value 2 (CVV2), Card Validation Code 2 (CVC2) or Card Identification (CID) data) fall into this "High Risk" category.
→ When is it acceptable to store magnetic stripe data?
It is never acceptable to retain magnetic stripe data after transaction authorization.
→ What if a merchant does not store cardholder data?
If a merchant does not store cardholder data, the PCI Data Security Standard still applies to the environment that transmits or processes cardholder data. This includes any service providers that a merchant uses.
→ Are there fines if cardholder data is compromised?
Yes. If cardholder data that you are responsible for is compromised, you may be subject to the following liabilities and fines associated with non-compliance:
- Potential fines of up to $500,000 (at the discretion of Visa, MasterCard, Discover Network or other card companies).
- Cost of re-issuing cards associated with the compromise.
- All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward.
- Cost of any additional fraud prevention/detection activities required by the card associations (e.g. a forensic audit) or costs incurred by credit card issuers associated with the compromise (e.g. additional monitoring of systems for fraudulent activity).
Yes. However, in partnering with MindTeck, we have kept the cost to a minimum. Most of our competitors charge 2 to 3 times, and some even 5 times, the amount we charge. Keep in mind that the nominal fee that’s charged is nothing compared to the possible fines and penalties.