ALL MERCHANTS AND ORGANIZATIONS
Regardless of size or number of transactions, all merchants that accept, transmit or store any cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
PCI DSS is administered by the PCI Security Standards Council (SSC, www.pcisecuritystandards.org), an independent organization that was created by the major payment card associations (Visa, MasterCard, American Express, Discover and JCB).
Merchants that do not comply with PCI DSS may be subject to fines by the associations, card replacement costs, costly forensic audits, brand damage, etc., in the event of a breach.
Effective July 1, 2010, all merchants must comply with PCI DSS. The Payment Card Industry requires USPAY Group and all card processing companies to contact their merchants and direct them to comply with these requirements. The requirements have established an annual compliance fee of $99.00 that will be imposed on all merchants each year to cover the costs of compliance. Each merchant not in compliance will be charged an additional $19.95 for every month of non-compliance. This fee is charged by all processors for the purpose of ensuring all merchants comply with this mandate.
PCI security for merchants and payment card processors is the vital byproduct of applying information security best practices in the Payment Card Industry Data Security Standard (PCI DSS). The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data. These requirements specify the framework for a secure payments environment, but for purposes of PCI compliance, their essence is three steps: Assess, Remediate and Report.
- Assess is the process of taking an inventory of your Information Technology assets and business processes for payment card processing, and analyzing them for vulnerabilities that could expose cardholder data.
- Remediate is the process of fixing those vulnerabilities.
- Report entails the compilation of records required by PCI DSS to validate remediation, and submission of compliance reports to the acquiring bank and card payment brands you do business with.
Carrying out these three steps is an ongoing process that maintains continuous compliance with the PCI DSS requirements and helps avoid penalties and fines.