Did you receive a letter from Security Metrics regarding PCI Compliance? Please follow the steps as appropriate for your business type.

PCI Security Standards Council The granddaddy of everything you need to know for compliance, including form templates.

- Read The PCI DSS New Self-Assessment Questionnaire (SAQ) Summary

- Determine which SAQ validation you need to complete

- if needed,  see page 12 in link to submit the CenPOS MasterCard PCI Certification

Complete the appropriate paperwork.

Merchant Account Security Links

Which level merchant am I?

Ecommerce stores may be forced to shut down if there is a data breach related to credit card processing, but it all depends on the circumstances. Why did the data breach occur? Where did the breach occur? What steps have been taken to prevent a reoccurance? Did the company meet PCI Security Compliance standards at the time of the breach? Who do you think will force you to shut down your site?

If your company was in PCI compliance, and preventative measures have been taken, it’s doubtful you’d be forced to shut your site down. You’d be protected by Safe Harbor from financial liability.

Who can force you to shut down your site? The card associations or your payment processor are the most likely. The actual site doesn’t need to be closed, but you may not be able to accept credit cards online. You may still be able to accept Paypal, Google, or other payment types, again, depending on the nature of the breach. For example, Paypal etc would take the transaction off your site for secure payment.

Does PCI Compliance allow you to save the track data until you process the card? For example someone gives you a card to process in the beginning of next month, can the track data be stored until then? JL

The answer is yes, but with limitations.

Track data is the information encoded in Track 1 and Track 2 within the magnetic strip, or chip,  on the back of a credit card which is read by an electronic reader within the terminal or point-of-sale (POS) system. Track data contains information about the card and the cardholder.

What track data can be collected? When a credit or debit card is swiped, the track data may include customer name, credit card number, expiration date, CVV number, and information used as part of PIN encryption/decryption if a debit card.

What track data can be stored? Merchants may securely store ONLY the customer’s name, credit card number, and expiration date  to PCI Data Security standards if desired.

How and where will you store the track data? This is the crux of PCI Data Security and should be your most important consideration. Do you use POS software? Do you know if it is PCI Compliant? Some are, some are not. Even some very big software companies are not, but are ‘working on it’.

A technology solution that I sell ( I work direct for the company) is CenPOS. The data is encrypted, stored off site, meets all current data security standards and the solution is fully PCI Compliant.

Article on prohibited Cardholder Data Storage from Visa.