What is PCI Compliance?
Payment Card Industry (PCI) Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC). These requirements apply to all entities and businesses that store, process or transmit cardholder data. The standards are managed by the PCI SSC and enforced by the card brands: American Express, Discover, JCB, Mastercard, and Visa.
Why do you have to be PCI compliant?
Keeping your PCI compliance up to date will help you:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Payroc encourages all businesses that accept credit cards to comply with PCI DSS to help lower the brand and financial risks associated with a data compromise. Consequences for non-compliance may include non-compliance fees as well as financial, operational, and brand reputation damage, and in some cases can even lead to your future inability to accept credit cards.
How do I become PCI compliant?
You can be set up to be PCI compliant with our partner program - Secure Trust PCI Manager.
The website can be found here - https://www.securetrust.com/
SecureTrust (a Trustwave Division) is a Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV) that we have partnered with to give our merchants a path to PCI compliance, providing services and assessments to ensure the business meets the PCI DSS.
More information: https://pci.securetrust.com/payroc
You will need to complete a PCI Self-Assessment Questionnaire (SAQ). Depending on the structure of your payment system and the processes and hardware you use, a vulnerability scan or penetration test may also be required.
The easy-to-use questionnaire allows you to perform a self-assessment of your payment environment and attest as to your compliance with the PCI security requirements.
A vulnerability scan is an automated and non-intrusive scan that assesses your network and web applications from the perspective of the public internet. The scan helps identify any vulnerabilities in the system that may allow unauthorized or malicious users to gain access to data. A penetration test is generally only required for complex merchant environments that store or transmit actual card or track data.
Get Access to the Secure Trust PCI Manager
If you do not already have access, you can request that it be set up. Scroll to the bottom of this article and select "Open a support case".
Please include your:
- Full Name
- Phone
- Merchant ID Number
- DBA Name
- A brief explanation, e.g. "I require access to my PCI compliance tool"
Help with Secure Trust PCI Manager
If you already have access to the Secure Trust PCI Manager but require assistance with your questionnaire or vulnerability scan, you can reach out to SecureTrust for further assistance or refer to the Secure Trust PCI Manager guide.
Phone - 877-417-2186
Email - [email protected]
Download a PCI Guide
Click the link to download the PCI Getting Started Guide.