PCI Compliance
Protect Your Business & Your Reputation
What is PCI Security Compliance?
PCI DSS is enforced by the card brands, such as Visa, MasterCard and American Express, through their acquiring banks. To promote the security of credit and debit card payment systems, the major card brands established the Payment Card Industry Security Standards Council (PCI SSC), which develops and maintains the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS applies to every organization that stores, processes or transmits cardholder data, regardless of size or transaction volume. Its purpose is to set baseline requirements for protecting cardholder data wherever it is stored, processed or transmitted, not only while it sits in electronic storage.
How Does It Affect You
Merchants of all sizes must ensure that cardholder data is protected from a security breach. A typical breach costs a small business merchant $25,000 to $50,000, but the cost can run much higher depending on the number of cards compromised. To protect cardholder data and limit financial exposure, every merchant must validate and demonstrate PCI DSS compliance.
PCI DSS Requirements
Below are the 12 principal requirements of PCI DSS, grouped under the six goals the standard defines.
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security
The PCI DSS and supporting documentation can be found at https://www.pcisecuritystandards.org
How PCI Compliance and Merchant 1 Payments Benefit You
It covers your business in case a breach actually happens.
- $10,000 coverage per MID, per incident, if you are enrolled and not compliant
- $50,000 coverage per MID, per incident, if you are enrolled and compliant with a third-party QSA vendor
- $100,000 coverage per MID, per incident, if you are enrolled and compliant with Sysnet
It helps you safeguard card data – and keep customers’ trust.
- Security document template that helps you develop customized security policy
- Access to educational articles and videos
- Vulnerability scanning tool that allows you to schedule your next scans
- Checks password strength and system configuration (IP-based, two devices per MID)
- Detects stored PANs (primary account numbers) on your systems (IP-based, two devices per MID)
It’s easy to use.
- Profile setup that helps you determine which SAQ to take
- Online process available, 24/7/365 in English only
- To Do List that tracks tasks
- Ability to upload third-party SAQ and scanning documents
- Access to an e-commerce seal that shows consumers the site has validated its PCI compliance
- Answers to PCI DSS technical questions within the profile tool and the SAQ
It stays in touch with you before, during and after you attest to your compliance.
- Welcome/registration emails
- Action item reminders and renewal notices
These are the facts:
- 822 million records were compromised in 2013
- Data breach investigations increased 54% over 2012
- 87 days is the average time from intrusion to detection
- Retail accounts for 35% of breaches and restaurants for 18% (Trustwave Global Security Report 2014)
- Non-compliance can result in fines of $5,000 to $100,000 per month; more importantly, the acquiring bank may stop processing your card transactions after repeated violations
- Compliance is simply good business: as technology advances, so do attackers and the tools they use
- When customers pay with a credit card, they are trusting the merchant to protect the transaction; we do everything we can to help you keep that information secure
A typical security breach costs small business merchants $25,000 – $50,000.
Data Breach
In the event that your business experiences a data breach, Elavon may be contacted by the involved payment networks. We will then contact you, communicate the extent of exposure from the attack and assist you through the necessary steps to protect your business. We will put you in touch with PCI Forensic Investigators (PFIs), who will conduct a thorough examination of your payment environment to identify the systems and/or processes that led to the breach and recommend additional steps you should take to protect your business and your reputation.
As a part of Elavon’s compliance program, certain payment network fines, fees and assessments associated with each compromise incident will be retained by Elavon and may not be passed on to you, depending on your level of available coverage. Elavon will also reimburse you for the incurred costs of a comprehensive forensic investigation performed by a PFI, up to your level of available coverage.
Merchant 1 Payments is committed to protecting you and your customers.
Tips for Safeguarding Data
Following are some helpful guidelines to help you protect your confidential customer information and your business.
- Keep cardholder data storage to a minimum and never store the full contents of a credit or debit card’s magnetic stripe (track data). If you don’t need it, don’t store it.
- When you no longer need the account information, destroy it in a secure fashion. Never store sensitive authentication data after authorization: full track data, the card verification code (CVV2/CVC2/CID) or the PIN/PIN block, even if encrypted.
- Be aware that some software programs may store data automatically (for example, in debug logs or transaction journals). Review software settings and update preferences to be sure account information is not being stored without your knowledge. Check whether your payment software is PA-DSS validated.
- Comply with security audits according to the PCI requirements.
- Use adequate firewalls. Ensure that your payment card acceptance environment is properly segmented from public networks such as the Internet.
- Change system passwords and security codes from those supplied originally by software manufacturers.
- Render any stored PAN unreadable wherever it is kept, using strong encryption, truncation or tokenization; storing it in clear text anywhere on your systems is not permitted.
- Encrypt any card data transmitted over the Internet or other open public network using strong cryptography (for example, TLS), so the PAN never travels in clear text.
- Use and regularly update your antivirus software.
- Keep other software, such as operating systems, secure and updated.
- Only allow employees access to customer data on a need-to-know basis, and assign each employee with computer access a unique ID so that activity can be traced to an individual.
- Restrict physical access to hard copies of payment card data.
- Test your company’s security systems on a regular basis.
- Have an information security policy that spells out rules for employees who handle data.
- Reinforce the rules regularly.
- Require all third-party suppliers with access to cardholder data to adhere to payment card industry security requirements.
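The PAN detection offered by the compliance portal above and the tips about never storing track data or the CVV both come down to one practical question: is card data sitting somewhere on your systems where it should not be? The following is an added example, not the vendor's scanning tool or code from this page, showing how such a check works: it scans text (here a constructed debug log) for 13 to 19 digit sequences that pass the Luhn check, flags magnetic-stripe track 2 data, and truncates any PAN to the first six and last four digits, the display format PCI DSS permits. The regular expressions, the sample log lines, and the track 2 layout are assumptions made for illustration; the card numbers are publicly documented test numbers, not real accounts.

```python
import re

# Added example: minimal PAN / track-data scanner with PCI-style truncation.
# Not the portal's tool; regexes, thresholds and the sample log are assumptions.

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens,
# and not embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Magnetic-stripe track 2 as it shows up in memory dumps and debug logs:
# ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2 = re.compile(r";(\d{13,19})=\d{4}\d*\?")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalize(candidate: str) -> str:
    """Strip the separators a typed or logged card number may contain."""
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> list:
    """Digit-only PANs found in text: right length and Luhn-valid."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = _normalize(m.group(0))
        if luhn_ok(digits):     # rejects order numbers and other digit runs
            pans.append(digits)
    return pans


def find_track2(text: str) -> list:
    """PANs that appear inside track 2 data, which must never be stored."""
    return [m.group(1) for m in TRACK2.finditer(text)]


def mask_pan(digits: str) -> str:
    """Truncate to the PCI DSS display format: first six and last four."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(text: str) -> str:
    """Remove track data outright, then truncate any remaining PAN."""
    # Track 2 is sensitive authentication data: delete the whole record,
    # because masking only the PAN would leave the rest of the stripe behind.
    text = TRACK2.sub("[TRACK2 DATA REMOVED]", text)

    def _mask(m):
        digits = _normalize(m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)

    return PAN_CANDIDATE.sub(_mask, text)


# Constructed sample: a POS debug log of the kind that quietly retains card data.
# 4111111111111112 is a 16-digit order number that fails Luhn (not a PAN);
# the last line is a track 2 dump that a PA-DSS validated app must never write.
SAMPLE_LOG = """\
2014-05-01 12:30:45 POS-07 sale approved card=4111 1111 1111 1111 amount=42.10
2014-05-01 12:31:02 WEB order=4111111111111112 status=shipped
2014-05-01 12:32:17 POS-03 sale approved card=378282246310005 amount=119.00
2014-05-01 12:33:40 POS-03 debug track2=;5555555555554444=25121015432112345678?
"""

if __name__ == "__main__":
    print("PANs found:      ", find_pans(SAMPLE_LOG))
    print("Track 2 records: ", find_track2(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```

Run against a real system, the same two checks (Luhn over candidate digit runs, plus a pattern for stripe data) would be applied to log files, databases and temporary files rather than an inline string. The Luhn check is what keeps false positives down, but it is not proof: a scanner finding should always be confirmed by hand before data is deleted, and a clean scan does not excuse the "don’t store it if you don’t need it" rule above.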