Merchant Account Credit Card Payment Processing Solutions
 

PCI Compliance: PCI DSS

MAXX Business Solutions, leader in merchant account processing, offers information and guidelines for PCI compliance and Payment Card Industry Data Security Standards (PCI DSS).

Click the red link below for:
FREE equipment upgrade that meets the PCI compliance standards!!

Q: What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) was developed by the major credit card companies (Visa, MasterCard, American Express, DiscoverCard and JCB International) as a guide to help businesses and organizations that process credit card payments prevent fraud, vulnerabilities and other credit card security threats.

Q: Does my business have to be PCI DSS compliant?

Yes. The Payment Card Industry Data Security Standard (PCI DSS) applies to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card/debit card data.

Q: Is this mandatory?

Yes. However, according to the PCI DSS documentation, "PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply."

"The rule of thumb is this: If you house credit card information, in whatever form, if you house the information in your server - the server that you own or you added - then you are basically responsible for complying with PCI DSS." -- Khalid Kark, Forrester Research

Q: What is the PCI compliance deadline?

2010 for merchants


Q: What is the PCI DSS Visa CISP program?

For Visa, Inc., PCI DSS compliance includes following their Cardholder Information Security Program (CISP), along with the incorporated PCI DSS standards.

The CISP program includes compliance and validation requirements for the following entities:

  • Merchants - All merchants including retail (brick-and-mortar), mail/telephone order, and e-commerce.

  • Service Providers - Visa identifies service providers as organizations that process, store, or transmit Visa cardholder data on behalf of Visa members, merchants, or other service providers.

  • Payment Applications - Visa offers a "Best Practices" document for payment applications, with the goal that the payment application must not retain full magnetic stripe data or CVV2 data. The software must also support merchants' and service providers' ability to comply with the PCI Data Security Standard.

Q: What is the MasterCard SDP program?

For MasterCard Inc., compliance and validation includes following its Site Data Protection (SDP) Program, along with the incorporated PCI DSS standards.

The SDP program includes compliance requirements for the following entities:

  • Merchants - All merchants must become PCI DSS compliant through completing the PCI Self Assessment, PCI Onsite Assessment and PCI Quarterly Network Scanning. While all merchants are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), merchants that store, process or transmit MasterCard account data may also be required to validate compliance with their acquirer.

  • Service Providers - Third Party Processors (TPP), Data Storage Entities (DSE). Any service providers that store, process or transmit MasterCard account data on behalf of the merchant must also be compliant.

  • Vendors - MasterCard provides a list of Approved Scanning Vendors (ASV), based on the testing requirements laid out in the PCI DSS standard for ASVs.

  • Acquirers - MasterCard works with acquirers to help the acquirers' merchants obtain SDP certification, as well as PCI DSS certification. The acquirer does not have to go through an SDP certification process, but the acquirer must manage the SDP process for their merchants. The acquirer must certify the merchants' compliance validation tools, as well as register the merchant with MasterCard.

Q: What are PCI Compliance Merchant Validation Levels?

For PCI DSS compliance purposes, each card issuer has its own criteria for assigning a merchant level and a validation compliance level to a merchant, third party or service provider.

The merchant level is based on transaction volume for the organization. The validation compliance level is based on the merchant level, and includes the validation actions and who needs to carry out the validation actions, in order to be PCI DSS compliant.

For the majority of organizations, the standards set forth by Visa's CISP program and MasterCard's SDP program cover the qualifications for assigning both a merchant level and a compliance level, along with incorporating PCI DSS.

American Express and Discover, at this time, do not have a stringent program in place like Visa or MasterCard. However, both companies have a 'best practices' document, which coincides with the PCI DSS.


Q: What are the 12 requirements for building and maintaining a secure network?

In order to build and maintain a secure network, and to comply with the PCI DSS, system components, network components, and data elements related to authorization, data retention, data storage and data transmitting must be secure.

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Don't use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security
