What is the point?
If your business accepts or processes payment cards, it MUST comply with PCI DSS (Payment Card Industry Data Security Standard). All businesses and merchants that store, process and/or transmit cardholder information are now REQUIRED to be PCI Compliant.
By being PCI Compliant, a merchant can rest assured knowing that they have taken the steps to protect themselves from fraud and, in turn, not be liable for a security breach. Furthermore, customers feel more secure when they see a PCI Compliant logo on a website. This can increase business and ensure customer satisfaction.
What is the PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is an industry-wide compliance requirement created for anyone who stores, processes or transmits payment card data (such as accepting credit card payments).
The PCI DSS was created in collaboration with the different payment card brands: American Express, Discover, JCB, MasterCard and Visa. The requirements are designed to reduce payment card compromises and data theft by helping you secure your sensitive information and reduce your vulnerability to attacks.
What are the Penalties for Noncompliance?
Merchants may be fined up to $500,000 per incident if they are not PCI Compliant at the time of a security breach.
Consequences for affected organizations may include:
- Regulatory notification requirements
- Loss of reputation
- Loss of customers
- Potential financial liabilities (for example, regulatory and other fees and fines)
How Much Will This Cost?
Most providers charge a monthly and/or annual fee for PCI Compliance. This can range anywhere from $30-$60 a month up to $2500 per year. Scans may run up to thousands of dollars depending on the size of the business.
National Merchants Association is pleased to be able to offer our PCI Compliance program FREE as one of your monthly membership benefits.
How Do I Become Compliant With the PCI DSS?
As a merchant who stores, processes or transmits payment card data, you are required to be PCI DSS Compliant by the payment brands and National Merchants Association. As part of your membership package with National Merchants Association, we Work For You® to become PCI Certified. One of our experts will help your business become certified immediately upon receipt of your terminal or virtual gateway. We will walk you through these two easy steps to PCI DSS Compliance:
- An annual Self-Assessment Questionnaire (SAQ) to determine whether you are taking proper precautions to protect your payment card data, similar to an insurance questionnaire, completed via the internet by visiting the website below.* (*If you do not have access to the internet, one of our experts will provide you with a copy of your SAQ to sign and submit for PCI Compliance.)
- Quarterly security scans if your systems are connected to the Internet. The scans look for weaknesses that an attacker might use to access your systems. A PCI-Certified Approved Scanning Vendor (ASV), such as NMA's partner, 403 Labs, must conduct these scans.* (*No scan is needed for dial-up or if you fall under the CV-T category.)
Give Your Customers Peace of Mind
Not all companies that offer PCI Compliance offer a Seal of Approval or Certification. Let your online surfers and shoppers know you are secure by displaying a security seal on your website, updated automatically with a "click to verify" option.
Once PCI Certified through National Merchants Association, your customers can click on your PCI Certification seal and will be shown a page verifying that your site is safe and meets industry regulations.