What is PCI and Why is PCI Compliance Important?
The Payment Card Industry (PCI) Data Security Standard (DSS) was created to protect cardholder data that is processed, stored or transmitted by merchants. The standard is published by the PCI Security Standards Council, founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc., and the payment brands require every merchant that accepts their cards to maintain compliance with the PCI DSS.
The card organizations are very serious about data security. If your customers’ credit card data is lost or stolen, you may be subject to substantial fines from each payment brand, in addition to repaying the resulting fraud losses and card reissuance costs. Merchant fines and assessments resulting from a breach can easily exceed $1 million.
By complying with this standard, you can help minimize the opportunity for loss and related fees that can result from a data breach. However, understanding what these standards mean to your business and what you need to do to bring your business into compliance can be confusing and overwhelming.
How BASYS Processing Can Help
Minimizing the confusion and simplifying PCI compliance is where BASYS comes in. As your payment processing provider, we are committed to giving you the clarity, education and support that you need to achieve compliance. It is our objective to assist you with safeguarding not only your business but also the confidence of your most valued asset—your customers.
A simplified PCI program, including dedicated PCI Compliance Specialists, has been put in place specifically for BASYS merchants to walk you through the Self-Assessment Questionnaire (SAQ) and, if required, the quarterly network scan.
The payment brands require all merchants to validate their PCI DSS compliance. To validate compliance, merchants must take the following steps:
- Complete and pass an annual PCI DSS Self-Assessment Questionnaire (SAQ) appropriate for your merchant processing environment (for example, SAQ A for merchants that fully outsource all card handling to a compliant third party).
- If cardholder data is stored, processed or transmitted through an Internet-facing environment, you must also pass quarterly external vulnerability scans performed by a PCI SSC Approved Scanning Vendor (ASV).
Network Scans
The PCI DSS requires all merchants with in-scope, externally facing IP addresses to pass an external vulnerability scan at least every three months, performed by an Approved Scanning Vendor (ASV). The scan identifies vulnerabilities in operating systems, services and devices that an attacker could use to gain a foothold in the company’s network. A scan passes only when no vulnerability rated CVSS 4.0 or higher is found; anything at or above that level must be remediated and the affected hosts rescanned until a clean result is obtained. Blocking or throttling the scanner’s traffic does not produce a pass; the ASV must be able to reach every in-scope address, so the firewall has to allow the scanner’s source addresses through.
One of our dedicated PCI Compliance Specialists will walk you through the entire process and then review the scan results and your compliance status with you. If your network does not receive a passing result, BASYS will provide the information and support needed to remediate the findings and bring your business into PCI compliance.
Key Standards for All Merchants
Whether you are a merchant that processes with BASYS today or not, there are several key areas all merchants should address in their business practices. The following information is a high-level review of these areas:
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect data.
- Change vendor-supplied defaults for system passwords and other security parameters before a device or system goes into service. Create your own unique passwords and never share them with anyone.
Protect Cardholder Data
- Make sure all receipts truncate the cardholder’s account number. PCI DSS permits no more than the first six and last four digits to be displayed, and the customer copy should show only the last four.
- Protect stored data, including but not limited to electronic data, your customers’ sales slips and your receipts.
- Store copies of all sales receipts in a secure manner.
- If you destroy sales receipts, make sure they are unreadable (cross-cut shred, incinerate or pulp them).
- Give the carbon copy of the sales receipt to your customer.
- Encrypt transmission of cardholder data and sensitive information across open, public networks using strong cryptography (for example, a current version of TLS). Never send unprotected account numbers by e-mail, instant messaging, chat or SMS.
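The receipt and stored-data rules above come down to one habit: a full account number (PAN) should not appear in anything you keep or print, and anything you do keep should be checked. The following Python script is an added example, not BASYS code. It scans constructed receipt and log lines for candidate card numbers, uses the Luhn check to discard look-alikes such as order numbers, and masks what remains. The search pattern, the masking format and the sample lines are assumptions chosen for illustration; the limit of six leading and four trailing digits follows the PCI DSS masking rule quoted above.

```python
"""Find and mask primary account numbers (PANs) in free text.

Added example for this page, not BASYS code. The regex, the masking
format and SAMPLE_LINES are assumptions chosen for illustration.
"""
from __future__ import annotations

import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces
# or dashes, and not embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

MAX_FIRST = 6   # PCI DSS: at most the first six ...
MAX_LAST = 4    # ... and the last four digits may be displayed


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check that every real PAN satisfies.

    Passing does not prove a string is a PAN (about one in ten random
    digit strings passes); failing proves it is not one.
    """
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2   # 10..18 -> 1..9
        total += d
    return total % 10 == 0


def mask_pan(digits: str, keep_first: int = 0, keep_last: int = MAX_LAST) -> str:
    """Replace the middle of a PAN with '*', keeping at most 6 leading and 4 trailing digits."""
    if not (0 <= keep_first <= MAX_FIRST and 0 <= keep_last <= MAX_LAST):
        raise ValueError("PCI DSS allows at most the first six and last four digits")
    if len(digits) <= keep_first + keep_last:
        raise ValueError("value too short to mask")
    hidden = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "*" * hidden + digits[len(digits) - keep_last:]


def redact_text(text: str, keep_first: int = 0, keep_last: int = MAX_LAST) -> tuple[str, int]:
    """Mask every Luhn-valid candidate in text; return (redacted text, number masked).

    Separators inside a PAN are dropped so the masked value is a single token.
    """
    count = 0

    def _sub(m):
        nonlocal count
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_valid(digits):
            return m.group(0)           # e.g. an order number: leave it untouched
        count += 1
        return mask_pan(digits, keep_first, keep_last)

    return PAN_CANDIDATE.sub(_sub, text), count


def audit_lines(lines: list[str]) -> list[int]:
    """Return the 1-based numbers of lines that contain an unmasked PAN."""
    return [i for i, line in enumerate(lines, 1) if redact_text(line)[1] > 0]


# Constructed sample: three lines with well-known test card numbers and one
# with a 16-digit order number that fails the Luhn check.
SAMPLE_LINES = [
    "2024-03-01 12:04:11 POS1 SALE card=4111 1111 1111 1111 amount=42.10 auth=OK",
    "2024-03-01 12:05:02 POS1 SALE card=5555555555554444 amount=9.99 auth=OK",
    "2024-03-01 12:06:45 POS2 SALE card=378282246310005 amount=120.00 auth=DECLINED",
    "2024-03-01 12:07:30 POS2 REFUND order=1234567890123456 amount=9.99",
]

if __name__ == "__main__":
    print("lines with unmasked PANs:", audit_lines(SAMPLE_LINES))
    for line in SAMPLE_LINES:
        redacted, n = redact_text(line)
        print(f"[{n} masked] {redacted}")
```

Treat hits as leads to inspect rather than proof: Luhn is only a filter. A check like this is worth running over application logs, database exports and support mailboxes before completing an SAQ, because a full PAN found there is a finding whether or not that system was meant to store card data. Note also that sensitive authentication data (the card security code and full track data) may not be stored after authorization at all, masked or not.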
Maintain a Vulnerability Management Program
- Use anti-malware software and keep it current, and apply vendor security patches to all systems promptly.
- Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
- Restrict access to data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
Regularly Monitor and Test
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy
- Maintain a policy that addresses information security.
Additional Resources for Merchants
As a merchant, you may find information on the following sites useful: