Frequently Asked Questions on PCI

What is PCI DSS compliance?

The Payment Card Industry (PCI) Data Security Standard (DSS) was established by the major card brands, including Visa, Mastercard, American Express, Discover Financial Services, and JCB International. All businesses that process credit cards (merchants) are required to implement the PCI standards in their processing methods to prevent credit card theft. There are 12 standards that are divided into six groups:

  1. Build and Maintain a Secure Network
    Requirement 1: Install and maintain a firewall configuration to protect cardholder data
    Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  2. Protect Cardholder Data
    Requirement 3: Protect stored cardholder data
    Requirement 4: Encrypt transmission of cardholder data across open, public networks
  3. Maintain a Vulnerability Management Program
    Requirement 5: Use and regularly update anti-virus software
    Requirement 6: Develop and maintain secure systems and applications
  4. Implement Strong Access Control Measures
    Requirement 7: Restrict access to cardholder data by business need-to-know
    Requirement 8: Assign a unique ID to each person with computer access
    Requirement 9: Restrict physical access to cardholder data
  5. Regularly Monitor and Test Networks
    Requirement 10: Track and monitor all access to network resources and cardholder data
    Requirement 11: Regularly test security systems and processes
  6. Maintain an Information Security Policy
    Requirement 12: Maintain a policy that addresses information security

The steps you follow to validate PCI DSS compliance are based on the way you process your customers' credit cards. Validation is an annual process that may require quarterly reporting. Merchant Partners compliance consultants assist you in knowing which standards apply and how you should validate compliance.

What is Site Certification?

Site Certification helps merchants quickly and easily validate PCI compliance. Merchant Partners, with SecurityMetrics, provides Site Certification to help merchants verify secure credit card handling processes and, if applicable, tests merchant Internet systems to determine whether they comply with the Payment Card Industry Data Security Standards. Site Certification simplifies all aspects of PCI DSS compliance for your business. It even includes PANscan to help you check whether your business unknowingly stores unencrypted credit card numbers on your network.

Who is required to become PCI compliant?

All businesses that process, view, or store credit card information are required by the Payment Card Brands and their merchant processor to validate compliance with the data security standards.

Why haven't I heard of PCI compliance until now?

PCI compliance was first mandated in 2001. The Payment Card Industry Security Standards Council (PCI SSC), the card brands, and your merchant processor are doing their best to make sure all merchants are aware of the standards.

What is the deadline to become PCI compliant?

For most merchants the deadline for compliance has already passed (www.pcisecuritystandards.org). Contact your merchant processor to receive details on your merchant account.

What happens if I don't become PCI compliant?

If you don't become PCI compliant, you potentially put your business and your customers' card data at risk of being compromised. A breach of card data for level four merchants costs on average between $36,000 and $50,000. You may also receive fines from your merchant processor for not validating PCI compliance.

What if I only process a few cards a year, do I still need to be PCI compliant?

Yes. Even though you may only process a few transactions, you still need to implement the data security standards into your processing and validate PCI DSS compliance.

What is required to become PCI DSS compliant?

How you process cards determines your validation type and your requirements for complying with the PCI DSS. Typical steps for level 4 merchants to become PCI DSS compliant include, but are not limited to, the following:

  • Determine your validation type
  • Complete and report an attestation of compliance and self-assessment questionnaire (SAQ) annually
  • Complete and report results of all external vulnerability assessment scans (all external facing IP addresses used to process, view, or handle credit card data require scans) performed by an approved scan vendor (ASV) quarterly
  • Create and update an information security policy annually

My account has just been created, what now?

You should log in to your account and begin the process of becoming PCI compliant. Some merchants only need to complete and pass an annual Self Assessment Questionnaire. If vulnerability scanning is required for your business, you have to pass the scan(s) and questionnaire before you are listed as PCI compliant.

What is a validation type?

The Payment Card Industry classifies level four merchants into five different validation types. The following chart from the Payment Card Industry website gives an explanation of the levels:

| SAQ Type | Description | SAQ: V1.2 |
|---|---|---|
| 1 | Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. | A |
| 2 | Imprint-only merchants with no electronic cardholder data storage | B |
| 3 | Stand-alone terminal merchants, no electronic cardholder data storage | B |
| 4 | Merchants with POS systems connected to the Internet, no electronic cardholder data storage | C |
| 5 | All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. | D |

Do I need to become PCI DSS compliant if I don't use a computer to process credit cards?

Yes. Even though you may not process cards using a computer, your business still needs to validate PCI DSS compliance and implement data security standards into your processing. All businesses that process, view, or store credit card data need to validate compliance.

Who is enforcing validation of PCI DSS compliance?

The Payment Card Brands have mandated the standards and your merchant processor is enforcing validation of PCI DSS compliance.

What is the difference between a Desktop Check and Site Certification?

The Desktop Check is designed for any user whose computer is connected to the Internet. The user must visit our website and start a Desktop Check from the machine they want to check. Site Certification is a higher-level service designed to run a Desktop Check on a specified IP address at least quarterly for a year, depending on the level of service chosen. We update our database with an average of five new vulnerability scripts every week, to keep you protected from the latest vulnerabilities.

*If you have any further questions about PCI compliance, contact Merchant Partners PCI Support at (866) 889-6176.