Helping You Stay Secure & Compliant
Our PCI-DSS compliance program is included with all of our merchant accounts. We want to make this process as easy and affordable to you as possible. Most small and medium sized businesses are Level 4 merchants. Level 4 merchants are businesses processing less than one million retail transactions a year or less than 20,000 ecommerce transactions per year. If you are a level 4 merchant, compliance can be as easy as filling out a self-assessment questionaire.
Our PCI program is included as part of your Helcim merchant account package, built into our monthly fee. Unlike most processors, we do not charge any quarterly or annual PCI fees. We've partnered with Sysnet, one of the world's top security companies, who provide the PCI portal, questionnaires, reviews, security scans and compliance certificates. Outside of our PCI program, businesses can also employ Sysnet's services if additional consultations or audits are needed.
We provide our compliant Level 4 merchants with a $20,000 breach coverage in the form of fee mitigation. This means that in the event of a breach, up to $20,000 of fines levied by the card-brands will be covered. Another reason for merchants to get compliant! Non-compliant merchants get up to $10,000 in coverage.
Merchants have 90 days from approval to show proof of their compliance. For the majority of businesses, this is as easy as filling out a basic online questionnaire. Merchants who fail to complete their compliance are subject to a $20 per month non-compliance penalty. While non-compliance fees are never fun, we are required to meet certain compliance levels for our total merchant count, and a non-compliance fee is an effective way to motivate merchants to complete the questionnaires. New to PCI standards? Prepare your business for PCI compliance with these simple tips.
Self-Assessment Questionnaire (SAQ)
SAQs (Self-Assessment Questionnaires) are a series of YES and NO questions to see if your business meets the standards required to process credit card information. Our PCI portal walks merchants through the questionnaire, immediately notifying them if a question is answered incorrectly and providing them with background information.
Approved Scanning Vendor (ASV) Scans
ASV (Approved Scanning Vendor) is a scan of your office IP address or website address (for ecommerce merchants). The scan will mostly be scanning your firewall/router to make sure that there are no open vulnerabilities that could allow hackers to infiltrate your network.
Similar to the ASV scans, penetration testing is a more thorough testing of your external and internal networks for possible security holes that could allow a hacker to infiltrate your computer or servers and access credit card information. This requirement is new to certain level 4 merchants with the arrival of PCI version 3.
Frequently Asked Questions
What is PCI Compliance?
PCI DSS (Payment Card Industry Data Security Standard) is a set of standards designed to ensure that credit card information remains safe and is captured and transmitted in a secure way. In other words, it is a set of rules to reduce the risk of fraudsters, hackers and thieves from stealing sensitive credit card information.
Who does it apply to?
PCI compliance applies to all businesses accepting credit and debit card payments, regardless of their size or their nature. Even tiny merchants using a mobile app on the weekend are required to meet the PCI standard. PCI is the world's largest security standard, as it applies to millions of merchants, processors, ATM companies and other service providers world-wide.
Who sets the standard and who enforces it?
The Payment Card Industry Security Standards Council (PCI SSC) is the governing body that sets and updates the standard. It was created in 2006 by the major card-brands, including Visa, MasterCard, Discover and American Express in order to have a universal set of rules. The card-brands are the ones that enforce the standard, requiring processors to be compliant, validate their merchants, and impose fines if a breach occurs because of non-compliance.
Why do I have to be compliant?
To avoid getting breached and losing credit card numbers! Fines imposed by the card-brands in the event of a breach can be extremely costly. In this digital age all businesses should want to protect themselves. By being compliant you also gain access to our breach coverage. Prepare your business for compliance by visiting the top PCI compliance tips.
I've been processing for years, why now?
With the release of PCI version 3 (the newest standard), Visa and MasterCard are now requiring that all processors validate the compliance of all their merchants. To make this process easy and affordable for our merchants, we've put together a PCI program that is included as part of our merchant services.
My provider is compliant, does that mean I'm compliant?
The short answer is no. While it is crucial to use point-of-sale providers, shopping carts and payment processors that are compliant, you are still responsible for your own staff and environment. A virus-infected computer or a dishonest staff member is all it could take to have someone steal credit card numbers from your business.