Who needs to complete PCI certification?

Every merchant and service provider who accepts, processes, stores, or transmits cardholder transactions.

Whatever your situation, there's virtually no reason to ever have full card data available to any employee. Whatever the reasons of the past, we have technology solutions that eliminate them today.

All merchants must meet PCI Data Security Standard (DSS) requirements; however, merchant compliance validation standards vary based on the volume of transactions, the potential risk, and exposure introduced into the payment system.

PCI Compliance is critical. Merchants can be subject to huge fines and bad PR with breaches like Target and Neiman Marcus in the news. It lives on forever on the internet. Compliance requirements vary by processing volume, however, the vast majority of businesses can complete the PCI Compliance Self Assessment. Most businesses are level 4 merchants as defined by Visa: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year.

PCI Compliance Certification is not optional with us. We consider this an essential part of protecting your business.

All merchants are guided through the proper certification method. Most merchants with level I-3 use a professional 3rd party management company.

Level 4 merchant requirements:

* Annual PCI Self-Assessment Questionnaire
* Quarterly Network Scan (if applicable)

see additional compliance articles in our learning station blog.

PCI Compliance provides merchants SAFE HARBOR

Safe harbor is the outcome of the PCI certification process and provides members protection from fines and compliance exposure in the event of a data compromise. To attain safe harbor status:

* A member, merchant, or service provider must maintain full compliance at all times, including at the time of breach as demonstrated during a forensic investigation.

* A member, merchant, or service provider must demonstrate that prior to the compromise their merchant had already met the compliance validation requirements, demonstrating full compliance. Note: It is important to note that the submission of compliance validation documentation, in and of itself, does not provide the member safe harbor status. The entity must have adhered to all the requirements at the time of the compromise.