Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a security standard developed by the major card brands to safeguard cardholder data and to prevent the theft or loss of that data. The version of the standard described here specifies 12 requirements for compliance, organized into 6 logical groups called control objectives.
Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security
What does this mean for merchants?
All businesses that accept credit cards are expected to use point of sale software, services, and terminals that meet the standard. Failure to meet PCI requirements can result in penalties from Visa and MasterCard, as well as the merchant being held liable in the event of a cardholder data breach. Depending on their transaction type (card present or card not present) and transaction volume, some merchants are required to take additional steps in order to be approved under the PCI program.
Options for Online Businesses
If your business processes online transactions through a processor gateway and handles more than 20,000 transactions a year, you will be required to show evidence of PCI compliance, which includes proof that your externally facing web servers are scanned for vulnerabilities on a regular basis. Passing scans and the corresponding compliance report can be obtained through a PCI Approved Scanning Vendor (ASV) such as Trustwave, http://www.trustwave.com/.
Merchants doing online transactions through a hosted payment page or Helcim's Virtual Store are not required to obtain a PCI certificate to be approved for a merchant account, because the customer enters their card details on a page hosted by the processor and the card data never passes through the merchant's own servers. The scanning requirement only applies when cardholder data passes through the merchant's website directly.
For more information on the Payment Card Industry Data Security Standard, please visit: