PCI DSS Compliance Services
Every entity that stores, processes or transmits cardholder data must be PCI compliant; in other words, it must comply with the Payment Card Industry Data Security Standard (PCI DSS). This standard is overseen by the PCI Security Standards Council and focuses on information security policy, cardholder data security, access control, network security and monitoring, and organizational vulnerability management.
Depending on the volume of credit card transactions, the card brand, and whether there has been a recent data breach involving cardholder data, certain organizations are required to undergo annual on-site validation by a QSA; APCO Merchant Services can help with this. Successful completion of the assessment means that you are “PCI Compliant”. These requirements are backed by punitive sanctions for non-compliance, including fines from each of the card brands, which can also suspend your ability to process credit card transactions until the remediation has been validated by a PCI QSA. Additionally, an organization suffering a data breach faces reputational damage, costly forensic investigations and possible lawsuits from impacted customers, as well as enforcement actions under data privacy laws brought by State and Federal prosecutors.
The PCI DSS requires that organizations handling payment card data:
• build and maintain a secure network
• protect cardholder data
• maintain a vulnerability management program
• implement strong access control measures
• regularly monitor and test networks
• develop and maintain an information security policy
At APCO Merchant Services, we take PCI compliance and data security very seriously. With a combination of our fully trained relationship management team and a full suite of products and services, we strive not only to help you comply with PCI standards, but to exceed them.
What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to ALL organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.
How Does PCI DSS Compliance affect me?
PCI DSS security standards were set forth by the card-issuing associations in order to protect cardholder information and to help prevent credit card fraud, hacking, and other security issues. The PCI standards mainly focus on the encryption, storage, and transfer of this sensitive data while it is in a merchant’s possession. If your business experiences a breach of cardholder data while not compliant with these standards, you may be fined by the associations up to $500,000 for the initial investigation, as well as a fee per record that is compromised. What can’t be assessed is the damage to your business’s reputation due to loss of consumer confidence.
Isn’t PCI Compliance for larger merchants?
The truth is that PCI DSS compliance is now a reality for ALL merchants regardless of size. Depending on the type of business and how the transactions are run, Level 1-3 merchants (annual POS transactions over 1 million) may have some additional requirements, but Level 4 merchants (annual POS transactions under 1 million) are actually the most targeted by hackers and thieves. According to recent data, 80% of payment card compromises since 2005 affected Level 4 merchants. The penalties and fines can be excessive depending on the amount of information that is compromised, and have put some merchants completely out of business.
What is APCO Merchant Services doing to Protect my business?
APCO Merchant Services and its partners are taking data security to the next level by providing solutions that not only meet PCI standards, but set them. Most recently, our payment solutions have been armed with tokenization and TransArmor. Tokenization takes the credit card information entered into a point-of-sale device or gateway and assigns a token number in its place. The TransArmor solution fundamentally changes the way merchants secure and manage cardholder data. This service protects consumer payment card data from the moment it enters the merchant environment, replacing the card data with a token number that preserves the value of the card data for merchant business operations but removes all value for fraudsters. As a result, merchants are able to significantly reduce the scope, risk and costs associated with Payment Card Industry (PCI) compliance.
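As an added example (not APCO’s or TransArmor’s code), this toy vault shows the tokenization pattern described above: the PAN is swapped for a random digit string that keeps the last four digits for receipts and lookups, deliberately fails the Luhn check so it cannot pass as a card number, and can only be mapped back inside the vault. The sample PAN is a constructed Luhn-valid test number, not a real card.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample PAN (a well-known Luhn-valid test number), not a real card.
SAMPLE_PAN = "4111111111111111"


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check digit test."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class TokenVault:
    """Toy tokenization vault: the only place a token can be mapped back to a PAN.
    Tokens are random, so nothing outside the vault can derive the PAN from one."""
    _tokens: dict = field(default_factory=dict)   # token -> PAN
    _by_pan: dict = field(default_factory=dict)   # PAN -> token (same PAN, same token)

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a plausible PAN")
        if pan in self._by_pan:                   # stable token per card
            return self._by_pan[pan]
        while True:
            # Random digits replace the leading part; the last four are kept so
            # receipts and customer service keep working without the PAN.
            head = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = head + pan[-4:]
            # A token that fails Luhn can never be mistaken for, or used as, a card.
            if not luhn_valid(token) and token not in self._tokens:
                break
        self._tokens[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Recover the PAN; only the vault (e.g. the processor) can do this."""
        return self._tokens[token]
```

Everything outside the vault (POS, reporting, refunds by token) handles only the token, which is what takes those systems out of PCI scope.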
Become PCI Compliant Today with APCO Merchant Services
AMS can help with validation and certification of compliance, which can be performed either internally or externally, with the assistance of our PCI Compliance Checklist, depending on the volume of card transactions the merchant organization handles. Regardless of the size of the organization, compliance must be assessed annually.
Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of self-certification via a Self-Assessment Questionnaire (SAQ). In some regions these SAQs still require sign-off by a QSA before submission.