facebook 32 facebook 32 facebook 32 facebook 32 facebook 32 facebook 32
Sign Up Today for a Credit Card Processing Merchant Account
Business Name

Invalid Input
 
First Name

Invalid Input
 
Last Name

Invalid Input
 
Telephone

Invalid Input
Email

Invalid Input
 
State

Invalid Input
 
Type of Business

Invalid Input
 


 

Home  //  Merchant Account Services PCI Compliance
Bookmark and Share
PCI Compliance
  • Print
Every merchant who accepts credit cards, debit cards and EBTs (electronic benefit transfers) must be in line with PCI compliance (or PCI DSS compliance).

At Embassy Bankcard Solutions, we are well versed in the details and intricacies of PCI security compliance to enhance and compliment your overall business and long term growth and we make it easier for you to navigate through the maze of PCI compliance.


What is PCI compliance?



The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.  Essentially any merchant that has a Merchant ID (MID).



The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with focus on improving payment account security throughout the transaction process.  The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.).



It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.




PCI Compliance Requirements



The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express.

The PCI DSS specifies and elaborates on six major objectives.

First, a secure network must be maintained in which transactions can be conducted. This requirement involves the use of firewalls that are robust enough to be effective without causing undue inconvenience to cardholders or vendors. Specialized firewalls are available for wireless LANs, which are highly vulnerable to eavesdropping and attacks by malicious hackers. In addition, authentication data such as personal identification numbers (PINs) and passwords must not involve defaults supplied by the vendors. Customers should be able to conveniently and frequently change such data.

Second, cardholder information must be protected wherever it is stored. Repositories with vital data such as dates of birth, mothers' maiden names, Social Security numbers, phone numbers and mailing addresses should be secure against hacking. When cardholder data is transmitted through public networks, that data must be encrypted in an effective way. Digital encryption is important in all forms of credit-card transactions, but particularly in e-commerce conducted on the Internet.

Third, systems should be protected against the activities of malicious hackers by using frequently updated anti-virus software, anti-spyware programs, and other anti-malware solutions. All applications should be free of bugs and vulnerabilities that might open the door to exploits in which cardholder data could be stolen or altered. Patches offered by software and operating system (OS) vendors should be regularly installed to ensure the highest possible level of vulnerability management.

Fourth, access to system information and operations should be restricted and controlled. Cardholders should not have to provide information to businesses unless those businesses must know that information to protect themselves and effectively carry out a transaction. Every person who uses a computer in the system must be assigned a unique and confidential identification name or number. Cardholder data should be protected physically as well as electronically. Examples include the use of document shredders, avoidance of unnecessary paper document duplication, and locks and chains on dumpsters to discourage criminals who would otherwise rummage through the trash.

Fifth, networks must be constantly monitored and regularly tested to ensure that all security measures and processes are in place, are functioning properly, and are kept up-do-date. For example, anti-virus and anti-spyware programs should be provided with the latest definitions and signatures. These programs should scan all exchanged data, all applications, all random-access memory (RAM) and all storage media frequently if not continuously.

Sixth, a formal information security policy must be defined, maintained, and followed at all times and by all participating entities. Enforcement measures such as audits and penalties for non-compliance may be necessary.


The Four Levels of PCI Compliance



All merchants that process credit cards―whether small or large―must be PCI compliant.

Merchants fall under four categories of PCI compliance, depending on the number of transactions they process each year, and whether those transactions are performed from a brick and mortar location or over the Internet.

Each payment card brand (Visa, MasterCard, etc.) has their own requirements and definitions of PCI compliance levels. Even though the PCI Security Standards Council (PCI SSC) developed these standards, compliance is actually mandated by the individual payment card brands - Visa, MasterCard, American Express, Discover and JCB International.

To give you a general idea of how to determine your PCI compliance level, here are Visa's PCI compliance level definitions:

PCI Compliance Level 1 - Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region



PCI Compliance Level 2 - Merchants processing 1 million to 6 million Visa transactions annually (all channels)



PCI Compliance Level 3 - Merchants processing 20,000 to 1 million Visa e-commerce transactions annually



PCI Compliance Level 4 - Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually

Storefront merchants categorized as PCI compliance levels 2,3, and 4 must complete an annual self-assessment questionnaire (PCI SAQ) in addition to a required quarterly network scan performed by an approved scanning vendor. The nature of the questionnaires, as well as the deadlines for reaching PCI compliance, varies slightly depending on whether the merchant falls into PCI Compliance level 2, 3, or 4, but the basic requirements remain the same.

Internet-based merchants are also divided into PCI compliance levels 1- 4, with each PCI compliance level defined by the same transaction volumes as those for "brick and mortar" merchants. In addition, internet-based merchants at each PCI Compliance level must undergo a quarterly vulnerability scan performed by an approved scanning vendor. Though some PCI Compliance Level 1 internet-based merchants may be able to perform annual self-assessments (with the permission of their processor and card brand), the vast majority of internet-based merchants will be held to these PCI Compliance expectations.


PCI Compliance Results In Security


PCI DSS compliance allow merchants to significantly decrease the risk of electronic data fraud that could seriously jeopardize, damage, sabotage  your company, brand, and profit potential. Even a nominal data breach can snowball into loss of business, trust, and leave you open to a host of legal claims or fines


PCI compliance helps establish that important level of trust and feeling of security between you and your customers and repeat business.

By  adhering to PCI compliance, merchants assume responsibility for keeping out the various financial schemes, criminals, and professional financial fraud

Please contact Embassy Bankcard Solutions at 877-982-0700 to help you navigate through the PCI Compliance

Embassy Services Include:

✓ Highest Level Of Professional Integrity & Ethics
✓ Approval in as little as 24 hours
✓ In Business since 1991
✓ 24/7, U.S.-based customer service
✓ Best-in-class support
✓ No hidden fees
✓ Low, competitive rates
✓ Access To Latest Mobile & Secure Technologies
✓ Competitive Corporate Growth & Revenue Enhancers
✓ Special programs for Non-Profits & High Risk Merchants

pa QwickPAY is a complete payment solution allowing a merchant’s iPhone®, iPad®, iPod Touch®, Samsung Galaxy Tab™ or other Android® mobile device to evolve into a highly secure payment system. With QwickPAY, credit and signature debit sales can be accepted anytime, anyplace. Merchants simply have to swipe a credit or signature debit card using the iDynamo or BulleT Secure Card Reader Authenticator (SCRA).
eproce
eProcessingNetwork Web-based payment gateway combines the functionality of an electronic countertop terminal with the power to process transactions online that is scalable with limitless opportunities for long term revenue growth and profits . Merchants are able to accept credit cards and debit cards within a robust and powerfully single integrated system that incorporates the latest in ecommerce solutions as they become available. LEARN MORE...
authorize-logo-white

Authorize.net ‐ accept credit cards and electronic checks anytime, anywhere.

The Authorize.Net Payment Gateway can help you accept credit card and electronic check payments quickly and affordably. More than 212,000 merchants trust Authorize.Net to manage their transactions, help prevent fraud, and grow their business.

Learn More
Orlando Web Design Elijah Clark