At BASYS, our goal is to help you grow your merchant portfolio. One way we do this is by creating awareness and providing education on the key issues your merchants face each day.
The Payment Card Industry (PCI) Data Security Standard (DSS) is one of these issues. The PCI DSS was created to help protect cardholder data that is processed, stored or transmitted. The major global payment brands require that every entity that stores, processes, or transmits payment card data (including financial institutions as well as merchants and service providers), in every channel (including catalog and online retailers as well as brick-and-mortar businesses), comply with the PCI Data Security Standard (PCI DSS).
The card organizations are very serious about data security. If credit card data is lost or stolen, your merchants may be subject to substantial fines per payment brand. This is in addition to repayment of subsequent fraud and card reissuance costs. Merchant fines and assessments resulting from a breach can easily reach more than $1 million. By complying with this standard, merchants can help minimize the opportunity for loss and related fees that can result from a data breach.
In addition to creating awareness and education around the PCI DSS, BASYS is also simplifying the compliance process for financial institutions. Our friendly and knowledgeable PCI Compliance Specialists will assist you in creating a unique program that will be the best fit for you; we are here to help.
A simplified PCI program, including dedicated PCI Compliance Specialists, has been provided specifically for BASYS merchants in order to walk them through the self-assessment questionnaire (SAQ) and, if required, the network scan. The PCI Security Standards Council requires all merchants to validate their PCI DSS compliance. To validate compliance, merchants must take the following steps:
- Complete and pass an annual PCI DSS Self-Assessment Questionnaire (SAQ) appropriate for their merchant processing environment.
- If merchants are storing or processing cardholder data on or through an Internet-facing environment, they must also pass quarterly vulnerability scans of their network.
Key Standards for All Merchants
Whether a merchant processes with BASYS today or not, there are several key areas all merchants should address in their business practices. The following information is a high-level review of these areas:
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect data.
- Avoid using vendor-supplied defaults for system passwords and other security parameters. Create your own unique passwords and never give them to anyone.
Protect Cardholder Data
- Make sure all receipts truncate the cardholder’s account number.
- Protect stored data, including but not limited to electronic data, your customers’ sales slips and your receipts.
- Store copies of all sales receipts in a secure manner.
- If you destroy sales receipts, make sure they are unreadable.
- Give the carbon copy of the sales receipt to your customer.
- Encrypt transmission of cardholder data and sensitive information across public networks.
Maintain a Vulnerability Management Program
- Use and regularly update antivirus software.
- Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
- Restrict access to data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
Regularly Monitor and Test
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy
- Maintain a policy that addresses information security.
Additional Resources for Merchants
As a merchant, you may find information on the following sites useful:


