PCI Compliance

Data Protection Is Your Business

Safe and secure payment options are vitally important to everyone—your business, your customers, and your bank. As a merchant it’s your responsibility to keep your customers’ cardholder data safe and provide secure payment options. Failure to do so could result in thousands of dollars in fines levied against your company, not to mention the potential in loss of business and goodwill.

A1 Charge will help you meet your data protection obligations. We can help keep you up to date and advise you on Payment Card Industry Data Security Standards or PCI DSS. Here is some of what you’ll need to know about PCI Security Standards, why and how to become compliant with them.

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.

From the world’s largest corporations to small Internet stores, compliance with the PCI Data Security Standard (PCI DSS) is vital for all merchants who accept credit cards, online or offline, because nothing is more important than keeping your customer’s payment card data secure. The size of your business will determine the specific compliance requirements that must be met. Note that enforcement of merchant compliance is managed by the individual payment brands and not by the Council – the same is true for non-compliance penalties.

The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents.

Tools to assist organizations validate their PCI DSS compliance include Self Assessment Questionnaires. The chart linked here shows some of the tools available to help organizations become PCI DSS-compliant.

For device vendors and manufacturers, the Council provides the PIN Transaction Security (PTS) requirements, which contains a single set of requirements for all personal identification number (PIN) terminals, including POS devices, encrypting PIN pads and unattended payment terminals. A list of approved PIN transaction devices can be accessed here.

To help software vendors and others develop secure payment applications, the Council maintains the Payment Application Data Security Standard (PA-DSS) and a list of Validated Payment Applications.

The Council also provides training to professional firms and individuals so that they can assist organizations with their compliance efforts. The Council maintains public resources such as lists of Qualified Security Assessors (QSAs), Payment Application Qualified Security Assessors (PA-QSAs), and Approved Scanning Vendors (ASVs). Large firms seeking to educate their employees can take advantage of the Internal Security Assessor (ISA) education program.

The Council is here to help merchants through maintaining and enhancing the PCI Security Standards, providing education and training about protecting payment card data with the PCI Security Standards, and by serving as a forum for engaging with the industry on developing these standards. Our FAQs hold a wealth of information – to save yourself time, be sure to check there first when you have specific questions.