Q: What is PCI-DSS?
A: The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information security standard mandated by the Payment Card Industry Security Standards Council. The Standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. You, as an owner, president, or signer of the merchant agreement, will be responsible for ensuring that your business becomes PCI compliant.
Q: Who made the decision?
A: This was a collective decision made by Visa, MasterCard, American Express, Discover and JCB.
Q: When did PCI begin? I’ve never heard of it. When do I have to be compliant?
A: The PCI Security Standards Council was launched in September 2006. The council determined that all levels of merchants must be PCI compliant. According to the council, level 1-3 merchants have already passed their deadlines while level 4 merchants’ deadlines are set by the acquirer.
- Level 1: Merchants who process more than 6 million transactions per year
- Level 2: Merchants who process between 1 million and 6 million transactions per year
- Level 3: Merchants who process between 20,000 and 1 million Visa e-commerce transactions annually
- Level 4: Merchants who process fewer than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually
Q: Where do I go to become compliant?
Q: Why do I need to become PCI compliant?
A: Merchants should become PCI compliant to make sure they are taking proper care to protect cardholder data. If a breach were to happen at your location, and if you are not PCI compliant at the time, the card associations may assess a fine against you and you will be liable for all the fraudulent transactions caused by the breach. However, if you are compliant, the fine may be reduced and you may not be responsible for the fraudulent transactions.
Q: Why am I being charged an annual PCI fee?
A: The merchant will be assessed a Monthly PCI fee in order to enroll in a PCI program to help them become compliant. This Monthly PCI fee will vary depending on whether or not you are a non-IP or IP
Q: Do I have to pay this fee?
A: Yes. However, if you are an existing merchant and are already certified, you may contact us at (800) 495-0122. Our dedicated Customer Service specialist will assist in sending the information provided to our processor in order to finalize your compliance. If this is done, an administrative filing fee may be assessed.
Q: Can your company do it for us? (Fill out the form and more)
A: No, you must become PCI compliant on your own. However, we can provide guidance.
Q: Will I be notified that my compliance will expire? When do I have to renew my compliance?
A: Merchants will be notified via email two months before the compliance certificate expires. During this time, you are required to renew your compliance as soon as possible in order to avoid additional fines or penalties that may result from a non-compliant status. The expiration date is printed on your PCI Compliance certificate; you may also call us at (800) 495-0122 to check on your PCI status.