All entities that store, process, or transmit cardholder data are required to adhere to the Payment Card Industry Data Security Standards (PCI-DSS), a set of policies and procedures managed by an organization that was created by the major payment card brands (Visa®, MasterCard®, Discover®, American Express® and others). These standards are intended to optimize the security of payment card transaction data and protect against a data breach.
A data breach can result in thousands of dollars in fines from banks and card brands that need to recoup losses suffered from payment card fraud. When cards are used fraudulently, cardholders are typically not held responsible for the fraudulent transactions; thus, the banks and card brands seek to recover some of those losses. There are often additional costs related to forensic investigations and card replacement.
We have launched a PCI program designed to help you validate your compliance and protect your customers’ data for the long term. Once registered, you will be guided step by step through the PCI DSS certification process, which includes a Self-Assessment Questionnaire and, for some merchants, a network vulnerability scan. The questionnaire includes questions about your policies, procedures, administrative controls, access controls, and physical security measures related to protecting cardholder data.