PCI Compliance – To Whom Are You Compliant?
by Sean Kramer, President and CEO of Element Payment Services
A few years ago, in response to a growing number of data security breaches, the major credit card brands formed the Payment Card Industry Security Standards Council (PCI SSC). Since then the PCI SSC has developed a set of security requirements for all businesses that handle payment cards.
The three major standards are the Payment Card Industry Data Security Standard (PCI DSS), for merchants and processors; the Payment Application Data Security Standard (PA-DSS), for software developers and integrators; and PIN Transaction Security (PTS), for manufacturers.
One of the most frequent points of confusion around PCI compliance is to whom merchants, software developers and manufacturers are actually compliant. And while the answer is simple, the process can feel quite complex.
Even though the PCI Security Standards Council (PCI SSC) developed these standards, compliance is actually mandated by each individual payment card brand: Visa, MasterCard, American Express, Discover and JCB International. Each credit card company has its own cardholder data security program and deadlines for validation of compliance:
- Visa Cardholder Information Security Program (CISP)
- MasterCard Site Data Protection (SDP) Program
- American Express Data Security
- Discover Information Security & Compliance (DISC)
- JCB International
To become compliant, first become familiar with the standard applicable to you, whether it is the PCI DSS, PA-DSS or PTS, on the PCI SSC Web site. Next, visit each payment card brand's site and figure out what level of compliance you fall under. Each brand has different criteria for compliance levels. For instance, American Express has three merchant compliance levels, while Discover, Visa and MasterCard have four levels for merchant compliance. Each card brand has different criteria for each level of compliance.
Depending on your level, the data security program requirements you will need to fulfill for each payment card brand may differ. To give you a general idea of what you would need to do as a merchant to comply with Visa's CISP program, here are Visa's PCI requirements for merchants:
- Level 1 Merchants
  - Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA)
  - Quarterly network scan by Approved Scan Vendor (ASV)
  - Attestation of Compliance Form
- Level 2 and 3 Merchants
  - Annual Self-Assessment Questionnaire (SAQ)
  - Quarterly network scan by ASV
  - Attestation of Compliance Form
- Level 4 Merchants
  - Annual SAQ recommended
  - Quarterly network scan by ASV if applicable
  - Compliance validation requirements set by acquirer

Read the steps to validation for each card brand carefully. Generally, validation must be sent to your acquirer, as is frequently the case for merchants; other times validation documents must be sent directly to the payment card brand.
Stick to this process — of really drilling down into each payment card brand's data security program and the requirements of each — and the path to compliance will become a little clearer.
Sean Kramer is the President and CEO of Element Payment Services and has years of experience in the payment processing industry. Element Payment Services provides secure, reliable and innovative payment processing solutions directly to merchants through partnership with leading business management software providers.