Security & PCI Compliance

We Keep Your Data and Information Safe

What is PCI Compliance?

The Payment Card Industry (PCI) consists of all organizations that store, process or transmit cardholder data. The Payment Card Industry Security Standards Council (PCI SSC) maintains the industry's security standards and was founded by the major card brands: Visa International, Mastercard Worldwide, Discover Financial Services, American Express, and Japan Credit Bureau (JCB).

Prior to the establishment of the PCI SSC, each major card brand maintained its own security program, created in response to card fraud in the late 1980s and 1990s. The growth of the internet and e-commerce in the early 2000s brought a sharp rise in card fraud, which became the catalyst for a unified approach to card data security by the major card brands. The PCI SSC was established on September 7, 2006. The resulting standard, the PCI Data Security Standard (PCI DSS), must now be validated annually by all organizations involved in the handling, processing, management or storage of cardholder data.

Since 2006, the PCI DSS has given merchants worldwide a common baseline of practices for securing customer cardholder data, and the PCI SSC revises the standard periodically. With each new version, the PCI SSC addresses changes in threats and technology so that the requirements keep pace with the data security risks merchants actually face.

Why is PCI Compliance Important?

PCI Compliance is important to us all.
As data breaches increase each year, it is imperative that both merchants and customers perform due diligence to ensure they are not enabling cybercriminal activity. Data breaches raise the cost of doing business for everyone. For many Small and Medium-Sized Business (SMB) organizations, a data breach can mean the loss of revenue and brand reputation and, in many cases, the loss of the business altogether once all of the associated costs are counted.

FACT: 3 out of 4 data breaches involve SMB organizations

Meeting and maintaining PCI compliance benefits your organization in many ways. Through the compliance process your organization becomes better educated and gains a solid data security foundation. You will learn best practices, based on how you handle and process cardholder data, that ensure you are not an easy target for cybercriminals. Becoming PCI compliant demonstrates your commitment to protecting your customers from identity theft and fraud. Perhaps more importantly, it demonstrates your commitment as a business owner to protecting your investment, hard work and brand reputation.


Getting Started

The steps to becoming PCI compliant begin with a willingness to learn, along with an understanding of what PCI compliance is and is not. PCI compliance is not a guarantee that you will never have a data breach, and it is not simply checking a few boxes on a form. PCI compliance is the implementation of layered security controls that make it increasingly difficult, and costly, for cybercriminals to succeed should they attack you.

To become PCI compliant you must follow these steps:
Communicate clearly with your acquiring bank to understand your specific compliance deadlines and the required reporting process.
Understand every way your organization interacts with cardholder data. For example, how does your organization accept and process credit cards? Are you storing cardholder data, and if so, is that storage actually necessary? (Sensitive authentication data, such as the full magnetic stripe, card verification code or PIN, must never be stored after authorization.)
Gather contact information for all third parties involved in the handling, processing or storage of your customers' cardholder data. This may include POS vendors, web hosts, data centers, payment gateways, etc.
Determine how many individual credit card transactions your organization processes annually (per card brand) and which merchant level your acquiring bank assigns to you on that basis. This information, together with the ways you interact with cardholder data, determines which requirements you must validate and how (for example, which self-assessment questionnaire applies).
Contact Protocol for a thorough review of your PCI compliance needs.

Frequently Asked Questions
Frequently Asked Questions

Where do I log in to complete my PCI compliance validation?

What is PCI compliance?

Who does PCI compliance apply to?

Where can I find more information about PCI DSS?

How do I determine what requirements apply to my organization?

Why is PCI compliance important?

How long has PCI DSS been around?

How do I know if a data security organization is qualified to help my organization with PCI compliance?

What happens if I choose to not comply with PCI DSS?

What are merchant levels?

What do the terms SAQ, QSA, ISA mean?

What is a QIR?

What is the Visa small merchant security validation mandate?

What is cardholder data and sensitive authentication data?

What is an AOC?

How often do I need to validate PCI compliance?

Do I have to use PCI compliant partners?

What should I do if I suspect my organization has been compromised?