PCI DSS - (Payment Card Industry Data Security Standard) - is a worldwide information security standard that helps prevent credit card fraud th4ough increased controls around data and its exposure to compromise.

The program encompasses all merchants and third party service providers that store, process, or transmit cardholder data.

It is good business practice to adhere to the PCI standards and protect cardholder information. Additionally, Visa®, MasterCard®, and Discover® Network may impose fines on their member banking institutions when merchants do not comply with PCI Data Security Standards

Cardholder data is any personally identifiable data associated with a cardholder. This could be a name, address, account number, expiration date, social security number, etc. The account number is the critical component that makes the PCI Data Security Standards applicable. The PCI Data Security Standards apply to all cardholder data stored, processed, or transmitted.

Yes. If a Level 4 merchant is deemed to be a "High Risk" merchant, they are required to validate compliance with the PCI Data Security Standards.

Currently, merchants that are known to use non-compliant payment applications (applications known to store magnetic stripe, Cardholder Verification Value (CVV), or Cardholder Verification Value 2(CVV2) or Card Validation Code 2 (CVC2) or Card Identification (CID) fall into this "High Risk" category.

It is never acceptable to retain magnetic stripe data subsequent to transaction authorization.

If a merchant does not store cardholder data, the PCI Data Security Standards still apply to the environment that transmits or processes cardholder data. This includes any service providers that a merchant uses.

Yes. If cardholder data that you are responsible for is compromised, you may be subject to the following liabilities and fines associated with non-compliance:

• Potential fines of up to $500,000 (in the discretion of Visa, MasterCard, Discover Network or other card companies).
• Cost of re-issuing cards associated with the compromise.
• All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward.
• Cost of any additional fraud prevention/detection activities required by the card associations (i.e. a forensic audit) or costs incurred by credit card issuers associated with the compromise (i.e. additional monitoring of system for fraudulent activity).