PCI Compliance

Secure Backup

Complicated and costly, but required.

Can FP help you avoid the associated headaches and expense?

Remember the days when you would go to the store and hand the cashier your credit card? The cashier would put your card on a little machine and move an arm to take an imprint of the card. Back then the security concern was the possibility of someone going through the retailer's trash can to get a credit card number off of a messy, black carbon.

As electronic credit card processing has grown, so has the problem of security. Where a search through a trash can might have yielded one to hundreds of credit card numbers, a successful hack of a computer system can now yield access to hundreds of thousands or even millions or billions of credit card numbers. These stolen credit card numbers can then be used multiple times and with several merchants. The potential cost to the industry is almost inconceivable.

To combat the credit card security problem universally, Visa and MasterCard officially announced the alignment of Visa's Cardholder Information Security Program (CISP) and MasterCard’s Site Data Protection (SDP) programs in December 2004. Recognizing the need for a common set of security requirements and a single validation process, the two card "brands" collaborated to create the Payment Card Industry (PCI) Data Security Standard. Other payment card brands, including American Express and Discover Card, have also endorsed this Standard within their respective programs and have accepted on-site assessments performed by security companies approved by Visa.

Ultimately, the PCI Data Security Standard is designed to create secure data processing and storage, limiting the chance for widespread credit card fraud. Becoming PCI compliant does not limit your exposure to fraud. It limits the chance of your company providing access to credit card information that could be fraudulently used with other merchants.

According to the PCI standards, any company that has access to a consumer’s credit card — at any time during the transaction — must become PCI compliant and remain PCI compliant. Although ALL merchants are required to comply with the PCI standards, merchants fall into one of four merchant levels based on annual transaction volume. At the lowest level, Level 4, PCI compliance is required, but the degree to which that compliance is validated is at the discretion of the acquirer (credit card processor). Level 2 and 3 merchants, who process between 20,000 and 6,000,000 e-commerce transactions per year, are required to complete an Annual Self-Assessment Questionnaire and hire a Qualified Independent Scan Vendor to perform Quarterly Network Scans. Level 1 companies, meaning merchants processing over 6,000,000 transactions per year and all service providers, are required to have a Visa-authorized Qualified Data Security Company (QDSC) complete an annual on-site PCI Data Security Assessment with a Report on Compliance (ROC) and have a Qualified Independent Scan Vendor perform Quarterly Network Scans.

As a credit card service provider, FP has encrypted our data and secured our systems according to the PCI Standards. We have contracted with a QDSC (Qualified Data Security Company) to perform our PCI (Payment Card Industry) audit and file the required ROC (Report on Compliance) annually with Visa and complete the necessary quarterly scans. The resulting security is at the industry's highest level. FP is in the final documentation stages of obtaining compliance credentials.

Again, any company that has access to a consumer's credit card — at any time during the transaction — must become PCI compliant and remain PCI compliant. However, as your credit card submitter, FP may be able to help you, the merchant, avoid the expense and headaches. Please contact us to learn more!

