The PCI DSS, or Payment Card Industry Data Security Standard, was established by the major credit card brands to strengthen the security of payment account data. The PCI guidelines exist to help you minimize the risk of losing cardholder data and of suffering a breach.
Yes, PCI requirements apply to every merchant that stores, processes or transmits credit or debit card information. Businesses must adhere to the PCI DSS at ALL times per their Merchant Agreement or risk potential consequences.
3. Who in the organization is responsible for PCI compliance?
The business owner is ultimately responsible (and 100% liable) for ensuring PCI compliance within the business. As the risk owner, they have a fiduciary and legal obligation to protect cardholder data within the business.
5. Do I only have to be compliant with the majority of criteria?
Unfortunately, to become and remain compliant, you must be able to pass every requirement. Failing even one of the criteria means you are not in compliance with PCI and are exposed to all of the costly consequences.
While any company that isn’t compliant is at risk, two out of three payment card breaches occur in the food service industry. Smaller merchants are at the greatest risk because they are less likely to have the proper security measures in place to protect their customers and their business.
8. How can I implement the necessary steps in my business to minimize the risk of a security breach and ensure PCI compliance?
The first step in creating a proactive security environment is to create an Information Security Policy (ISP). An ISP, which sets out the guidelines and procedures for protecting payment card data, is essential to keeping your organization safe and compliant.
The Self-Assessment Questionnaire (SAQ) is a validation tool published by the PCI Security Standards Council (PCI SSC) to help merchants self-evaluate their compliance with the PCI DSS; merchants that are not required to complete a Report on Compliance complete an SAQ instead. There are multiple versions of the SAQ to address the various payment processing scenarios, and the version you must complete depends on your validation level.
Qualified Security Assessors (QSAs) are authorized to perform annual audits for merchants and service providers to document compliance with PCI. Approved Scanning Vendors (ASVs) are authorized to perform the external quarterly vulnerability scans that demonstrate compliance with requirement 11.2 of the PCI Data Security Standard. ASV scans cover only your Internet-facing systems; the internal vulnerability scans that requirement 11.2 also calls for may be run by your own qualified staff or by a vendor of your choice.
11. Can’t I wait until my acquirer/credit card processor asks me to be compliant?
The compliance deadlines are long past. As the merchant, you are responsible for making sure you are in compliance today. Waiting until the acquirer/credit card processor asks you could prove very costly.
An Approved Scanning Vendor (ASV) is a security scanning vendor certified by the Payment Card Industry Security Standards Council. Only an ASV, such as SecureConnect, can provide the quarterly external vulnerability scans needed for compliance.
14. PCI compliance is just about technology, right?
No! PCI compliance is an overall business issue – so everyone needs to be aware of their role. All it takes is one employee who is careless with a customer’s credit card, or who unknowingly downloads malware onto the back-office computer, and an attacker can use that opening to reach confidential information.
15. Is there a vendor that can provide a solution to help franchisees with PCI compliance?
Yes! PCI compliance can be a difficult process with several technical components. With the SecureConnect PCI packages, merchants get a comprehensive, turnkey solution to protect the payment card environment and maintain PCI compliance, all at a cost-effective price.
“A security breach can have a devastating impact on the franchisee and the franchise system as a whole. For this reason we felt requiring our franchisees to have a consistent, comprehensive solution was the best approach for our system.”