What is PCI?
Payment card companies require all merchants to attain varying levels of security, referred to as PCI (payment card industry) compliance. This involves successfully completing the appropriate SAQ (self-assessment questionnaire) on an annual basis. The SAQ is a testament to the PCI Security Standards Council, demonstrating that the merchant is correctly and safely handling card information. This compliance ensures that the public has a measure of confidence that their financial data is protected.
Who Needs PCI Compliance?
Any merchant, regardless of size, who has the ability to accept payments via credit/debit/prepaid/purchase or gift cards HAS to comply with all security standards of the PCI Data Security Standard. Period.
What Happens if a Merchant is Not PCI Compliant?
In the event that a merchant is not PCI compliant, a monthly fine is levied and the merchant is at risk for a potential breach. Should a breach occur during this non-compliant phase, the merchant has increased liability. Liability can include, but is not limited to: additional fines, higher processing costs, litigation risk, and harm to the reputation of the merchant’s business.
Who is Harmed by a Breach?
Everyone. The merchant is harmed due to subsequent fines, higher processing fees, potential litigation, and negative press. The customers of the merchant are harmed because their data is compromised and they run the risk of identity theft. The public at large is harmed because the costs of processing rise due to increased risk in the industry.
Enterprise PCI was Created out of Necessity
As more and more clients of National Processing Solutions (NPS) grew frustrated with the PCI compliance process, we saw an opportunity to fill that vacuum. Processors and banks are not permitted to assist merchants with their PCI compliance activities as it is deemed a conflict of interest. Enterprise PCI is a completely separate entity and acts as a consultant for not only NPS merchants, but anyone who accepts card payments. Merchants who are not PCI compliant are not only hit with monthly fines but are also a target for cybercriminals. A lose-lose if there ever was one! Secure processing is beneficial to everyone!
Enterprise PCI Offerings
-Consulting and analysis of appropriate SAQs
-Creating policy and procedure manuals for PCI DSS approved processing activities
-Assisting merchants on building and maintaining a secure network
-Maintaining a vulnerability management program
-Regularly monitoring and testing networks
-Implementing strong access control measures
-Protecting cardholder data