PCI Compliance

The Payment Card Industry (PCI) Security Standards Council is comprised of the major credit card associations (Visa, MasterCard, American Express, Discover and Japan Card).

They have established a set of security standards to ensure that merchants and service providers follow best practices in order to reduce credit card fraud and security breaches. By accepting VISA and MasterCard payments, merchants and service providers are required to become Payment Card Industry compliant.

To provide you with the tools to fulfill Payment Card Industry compliance mandates, enrollment in PCI DSS is mandatory for members of Sync Merchant. Enrollment gives you access to your Self-Assessment Questionnaire (SAQ), system scanning services (if applicable), and full support.

 

The following documents are a helpful reference for completing the Self-Assessment Questionnaire (SAQ).

PCI Data Security
Protecting Cardholder Data is Good for Business - and It's Required

Providing customers with secure payment options not only gives them more incentive to buy, it is also the merchant's responsibility. In fact, failure to protect cardholder data could cost your company thousands of dollars in fines and penalties, in addition to loss of business.

Rest assured, as a Sync Merchant customer, you have a team of PCI data security experts ready to advise you and keep you informed of data security requirements. This section provides the first step in understanding the Payment Card Industry Data Security Standards (PCI DSS).

What are the Payment Card Industry Data Security Standards (PCI DSS)?
Visa, MasterCard and other payment brands have their own data security programs that require merchants to safeguard credit card processing data. However, these companies have also adopted common industry security requirements, referred to as PCI DSS, to provide merchants with a single path to safeguarding sensitive data.
What is Data Compromise?

A data compromise occurs when cardholder data has been lost or stolen, typically (but not limited to) by way of:

  • Theft of property which includes cardholder data
  • Stolen laptop or computer files
  • Missing or stolen reports that may contain cardholder data
  • Unlawful theft of cardholder data by an employee
Requirements for PCI-DSS Compliance

The PCI DSS is comprised of 12 requirement categories that are grouped under six general headings. These requirements range from removing sensitive data from your payment terminals to implementing data security policies for your employees. Below is a short explanation of each general heading.

Build and Maintain a Secure Network
Requirement: (I) Install and maintain a firewall configuration to protect data. (II) Do not use vendor-supplied defaults for system passwords and security parameters.

Protect Cardholder Data
Requirement: (III) Protect stored data. (IV) Encrypt transmission of cardholder data and sensitive information across public networks.

Maintain a Vulnerability Management Program
Requirement: (V) Use and regularly update anti-virus software. (VI) Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement: (VII) Restrict access to data by business need-to-know. (VIII) Assign a unique ID to each person with computer access. (IX) Restrict physical access to cardholder data.

Regularly Monitor and Test Networks
Requirement: (X) Track and monitor all access to network resources and cardholder data. (XI) Regularly test security systems and processes.

Maintain an Information Security Policy
Requirement: (XII) Maintain a policy that addresses information security.

The complete list of standards is available for download from the PCI Security Standards Council. You may also want to review the Prioritized Approach, which provides guidance for non-compliant merchants who are working toward achieving compliance.