Frequently Asked Questions
> What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a worldwide information security standard that helps prevent payment card fraud through increased controls around cardholder data and its exposure to compromise.
> Who does the PCI Data Security Standards Compliance Program apply to?
The program encompasses all merchants and third party service providers that store, process, or transmit cardholder data.
> What are the benefits of being PCI compliant?
It is good business practice to adhere to the PCI standards and protect cardholder information. Additionally, Visa®, MasterCard®, and Discover® Network may impose fines on their member banks (the merchant's acquirer) when merchants do not comply with the PCI Data Security Standards, and acquirers commonly pass those fines on to the merchant under the merchant agreement.
> What is "cardholder data"?
Cardholder data, as PCI DSS defines it, is the primary account number (PAN) together with any cardholder name, expiration date or service code stored, processed or transmitted with it. The PAN is the critical component that makes the PCI Data Security Standards applicable: if the full PAN is not stored, processed or transmitted, the standard does not apply. Other personal information such as a postal address or social security number is not cardholder data under PCI DSS, even though it may be covered by other privacy requirements. The PCI Data Security Standards apply to all cardholder data stored, processed, or transmitted.
> Are Level 4 merchants ever required to validate their compliance?
Yes. If a Level 4 merchant is deemed to be a "High Risk" merchant, they are required to validate compliance with the PCI Data Security Standards.
> What is a "High Risk" merchant?
Currently, merchants that are known to use non-compliant payment applications fall into this "High Risk" category. These are applications known to store, after authorization, full magnetic stripe (track) data, including the Card Verification Value (CVV) encoded on the stripe, or the code printed on the card: the Card Verification Value 2 (CVV2), Card Validation Code 2 (CVC2) or Card Identification number (CID).
> When is it acceptable to store magnetic stripe data?
It is never acceptable to retain full magnetic stripe (track) data after transaction authorization, even in encrypted form. The same prohibition covers the other sensitive authentication data: the CVV2/CVC2/CID printed on the card and PIN or PIN block data.
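The two answers above describe what must not be present after authorization, and a practitioner's first question is how to check whether an application or its logs are keeping it. The following scanner is an added example written for this page, not code from the original FAQ or from any payment application. It recognises the ISO/IEC 7813 Track 1 and Track 2 layouts, bare PANs that pass the Luhn check, and CVV2/CVC2/CID values that appear in labelled fields. The log lines and the field names (`cvv2`, `cvc2`, `cid`, `csc`) are constructed assumptions; the card numbers are public test numbers, not real accounts.

```python
"""Added example (not part of the original FAQ): a small scanner for sensitive
authentication data that PCI DSS forbids storing after authorization.

It looks for full magnetic-stripe track data (ISO/IEC 7813 Track 1 and
Track 2 formats), bare primary account numbers that pass the Luhn check,
and card-verification values stored in labelled fields. The log lines and
field names below are constructed for illustration; the PANs are public
test card numbers, not real accounts."""
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")
# Bare PAN: 13-19 digits, optionally grouped with spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# CVV2/CVC2/CID are only 3-4 digits, so they can be recognised reliably
# only when a field name labels them (field names are an assumption).
CVV_FIELD_RE = re.compile(r"\b(cvv2?|cvc2?|cid|csc)\s*[=:]\s*\d{3,4}\b", re.I)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string satisfies the Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the traditional PCI DSS display limit."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_line(line: str) -> list[tuple[str, str]]:
    """Return (kind, masked value) findings for one log line."""
    findings = []
    rest = line
    for kind, regex in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in regex.finditer(rest):
            findings.append((kind, mask_pan(m.group(1))))
        # Blank out track data so its PAN is not reported a second time.
        rest = regex.sub(" ", rest)
    for m in PAN_RE.finditer(rest):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("pan", mask_pan(digits)))
    for m in CVV_FIELD_RE.finditer(rest):
        findings.append((m.group(1).lower(), "redacted"))
    return findings


def scan_log(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    report = {}
    for n, line in enumerate(lines, start=1):
        hits = scan_line(line)
        if hits:
            report[n] = hits
    return report


# Constructed sample log: line 1 is a correctly masked record, line 2 is what
# a debug log from a non-compliant payment application looks like, line 3 is
# a retry that logged the card number and the CVV2.
SAMPLE_LOG = [
    "2024-05-01 12:00:01 auth ok order=1234567890123456 pan=411111******1111",
    "2024-05-01 12:00:02 DEBUG raw swipe: %B4111111111111111^DOE/JANE^25121011234567890?;4111111111111111=25121011234567890?",
    "2024-05-01 12:00:03 retry card=5555 5555 5555 4444 cvv2=123",
]

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG).items():
        for kind, value in hits:
            print(f"line {n}: {kind} {value}")
```

Run against the sample, line 1 produces nothing (the 16-digit order number fails the Luhn check and the PAN is already masked), line 2 reports both tracks, and line 3 reports the PAN and the labelled CVV2. Two caveats apply to any scanner of this kind: Luhn-valid identifiers that are not card numbers produce false positives, and a CVV2 stored without a field label is indistinguishable from any other three-digit number, so a clean scan is a lead for a data-discovery review, not proof that no sensitive authentication data is retained.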
> What if a merchant does not store cardholder data?
If a merchant does not store cardholder data, the PCI Data Security Standards still apply to the environment that transmits or processes cardholder data. This includes any service providers that a merchant uses.
> Are there fines if cardholder data is compromised?
Yes. If cardholder data that you are responsible for is compromised, you may be subject to the following liabilities and fines associated with non-compliance:
- Potential fines of up to $500,000 (at the discretion of Visa, MasterCard, Discover Network or the other card companies).
- Cost of re-issuing cards associated with the compromise.
- All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward.
- Cost of any additional fraud prevention/detection activities required by the card associations (e.g. a forensic investigation) or costs incurred by card issuers as a result of the compromise (e.g. additional monitoring of the affected accounts for fraudulent activity).
> Is there a cost to complete the PCI DSS compliance validation process?
Yes. However, we have kept the cost to a minimum. Most of our competitors charge two to three times, and some even five times, the amount we charge. Keep in mind that the nominal fee charged is small compared to the possible fines and penalties.