PCI Compliance Expertise
It is critical that specialty retailers understand the impact of Visa and Mastercard’s security requirements under the PCI (Payment Card Industry) compliance regulations. We work hand in hand with our clients to make sure they understand and respond to these new challenges and protect themselves from the liability that comes with these new security standards.
Payment Card Industry Security Standards
PCI security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder data. The standards globally govern all merchants and organizations that store, process or transmit this data, with new requirements for software developers and manufacturers of applications and devices used in those transactions. PCI security for merchants and payment card processors is the vital by-product of applying information security best practices in the Payment Card Industry Data Security Standard (PCI DSS). The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data.
PCI Standards Include:
PCI Data Security Standard: The PCI DSS applies to any entity that stores, processes, and/or transmits cardholder data. It covers technical and operational system components included in or connected to cardholder data. If your business accepts or processes payment cards, it must comply with the PCI DSS.
PIN Entry Device Security Requirements: PCI PED applies to manufacturers who specify and implement device characteristics and management for personal identification number (PIN) entry terminals used for payment card financial transactions.
Payment Application Data Security Standard: The PA-DSS is for software developers and integrators of applications that store, process or transmit cardholder data as part of authorization or settlement. It also governs these applications that are sold, distributed or licensed to third parties.
PCI Data Security Standard for Merchants and Processors
The PCI DSS is the global data security standard that any business of any size must adhere to in order to accept payment cards. It presents common-sense steps that mirror best security practices.
How to Comply with PCI DSS
The PCI Security Standards Council sets the standards for PCI security, but each payment card brand has its own program for compliance. Specific questions about compliance should be directed to your acquiring financial institution. Links to the payment card brands' compliance programs include:
Qualified Assessors. The Council provides programs for two kinds of certifications: Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). QSAs are companies that assist organizations in reviewing the security of their payment transaction systems and have trained personnel and processes to assess and validate compliance with PCI DSS and PA-DSS. ASVs provide commercial software tools to perform certified vulnerability scans of your systems. Additional details can be found at: www.pcisecuritystandards.org.
Self-Assessment Questionnaire. The "SAQ" is a validation tool for merchants and service providers who are not required to do on-site assessments for PCI DSS compliance. Different SAQs are specified for various business situations; more details can be found at: www.pcisecuritystandards.org, or contact your acquiring financial institution to determine whether you should complete an SAQ.