PCI Compliance
The Payment Card Industry (PCI) Security Standards Council is comprised of the major credit card associations (Visa, MasterCard, American Express, Discover and Japan Card). They have established a set of security standards to ensure that merchants and service providers follow best practices in order to reduce credit card fraud and security breaches. By accepting VISA and MasterCard payments, merchants and service providers are required to become Payment Card Industry compliant. To provide you with the tools to fulfill Payment Card Industry compliance mandates. As a member of Sync Merchant, it is mandatory to enroll in PCI DSS, which will provide you access to your Self-Assessment Questionnaire (SAQ), system scanning services (if applicable), and full support.
The following documents are helpful references for completing the Self-Assessment Questionnaire (SAQ).
PCI Data Security
Protecting Cardholder Data is Good for Business - and It's Required
Providing customers with secure payment options not only gives them more incentive to buy, it is also the merchant's responsibility. In fact, failure to protect cardholder data could cost your company thousands of dollars in fines and penalties, in addition to loss of business. Rest assured, as a Sync Merchant customer, you have a team of PCI data security experts ready to advise you and keep you informed of data security requirements. This section provides the first step in understanding the Payment Card Industry Data Security Standards (PCI DSS).
What are the Payment Card Industry Data Security Standards (PCI DSS)?
Visa, MasterCard and other payment brands have their own data security programs that require merchants to safeguard credit card processing data. However, these companies have also adopted common industry security requirements, referred to as PCI DSS, to provide merchants with a single path to safeguarding sensitive data.
What is Data Compromise?
A data compromise occurs when cardholder data has been lost or stolen, typically (but not limited to) by way of:
Requirements for PCI-DSS Compliance
The PCI DSS is comprised of 12 requirement categories that are grouped under six general headings. These requirements range from removing sensitive data from your payment terminals to implementing data security policies for your employees. Below is a short explanation of each general heading.
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy