PCI

PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. That is essentially any merchant that has a Merchant ID (MID). It was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process.

Who sets the standard and who enforces it?

The Payment Card Industry Security Standards Council (PCI SSC) sets and updates the standard. The major card brands, including Visa, Mastercard, Discover and American Express, set rules requiring processors to be compliant, validate their merchants, and impose fines if a breach occurs because of non-compliance.

      IntruxtPayments is PCI Level-1 Compliant

      Being PCI Level-1 Compliant means that we go through rigorous on-site audits, penetration testing and inspections in order to obtain the highest level of compliance with the Payment Card Industry Data Security Standard (PCI-DSS). This allows us to be displayed on the Visa and MasterCard global list of compliant service providers.

      We work to provide a POS package that can be customized to the specific needs and priorities of your business. This will allow your business to gain the maximum benefits from your POS system and the return on investment you desire.

      ABOUT PCI compliance

      PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

      Yes. All businesses that store, process or transmit payment cardholder data must be PCI Compliant.

      In-scope cards include any debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the PCI SSC – American Express, Discover, JCB, MasterCard, and Visa International.

      The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.

      It is important to be familiar with your merchant account agreement, which should outline your exposure.

      All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (‘DBA’). In cases where a merchant corporation has more than one DBA, Visa acquirers must consider the aggregate volume of transactions stored, processed or transmitted by the corporate entity to determine the validation level. If data is not aggregated, such that the corporate entity does not store, process or transmit cardholder data on behalf of multiple DBAs, acquirers will continue to consider the DBA’s individual transaction volume to determine the validation level.
      Merchant levels as defined by Visa:

       

      | Merchant Level | Description |
      |---|---|
      | 1 | Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. |
      | 2 | Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year. |
      | 3 | Any merchant processing 20,000 to 1M Visa e-commerce transactions per year. |
      | 4 | Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year. |

      * Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

      If your business locations process under the same Tax ID, then typically you are only required to validate once annually for all locations and, if applicable, submit quarterly passing network scans by a PCI SSC Approved Scanning Vendor (ASV).