PCI DSS Compliance - Mandatory Compliance for All Merchants

As of July 1, 2010, there are new guidelines that apply to all merchants that accept credit cards.  These guidelines, which are referred to as the Payment Card Industry Data Security Standard (PCI DSS) were set by the major credit card companies including Visa, MasterCard, American Express and Discover.  With these regulations for businesses accepting credit cards, Payment Card Industry (PCI) compliance is no different than having a business license or tax ID; they are all required. 

These guidelines were established to ensure that merchants are following the best practices in order to reduce credit card fraud and security breaches.  After investigating how individuals fraudulently obtained credit card data through hacking into computer data bases and other means, the Card Companies have determined that a large percentage of the incidents could have been prevented if the merchants followed some simple guidelines.

How do I become PCI compliant?

This will depend on how/if you store your credit card data. All merchants will have to complete a questionnaire annually explaining how they process and store credit card data.  They will also have to agree to follow specific guidelines on how they handle this data and instruct their employees on these procedures. Additionally, if the merchant stores credit card data on their computer or they process credit cards through the Internet, their systems will require a vulnerability scan quarterly.

How do I complete this process?

The PCI Council has mandated that only Approved Scanning Vendors can certify merchant compliance.  After assessing various approved companies we have chosen ControlScan because of their experience and their user friendly systems and personal level of support.

The questionnaire that every merchant needs to fill out can be completed on the Internet or you can request a questionnaire be sent to you to complete and send back to ControlScan, whichever is more convenient. 

If you want to request a questionnaire or have any questions while completing the on-line process, call ControlScan at 800-370-9180. If you choose to complete the questionnaire on the Internet, the website is www.controlscan.com/logicalprocessing.  If you have any problems logging on or need help with any of the questions, call ControlScan at 800-370-9180.

No systems are perfect but if you follow the guidelines and obtain a PCI certificate annually, you will significantly lower your risk of fraud and avoid any penalties. If you have any other questions, please us at 1-800-373-7298.