Compliance
The Payment Card Industry (PCI) Data Security Standard (DSS) was established to safeguard cardholder data processed, stored, or transmitted by merchants. Compliance is obligatory for every merchant that accepts card payments, but it often brings confusion, expense, and lost time. We handle every aspect of this process for you.
What is actually required to achieve compliance is often unclear, and the monthly or annual PCI compliance fees you pay may seem puzzling and avoidable. We recognize that businesses want a payments partner that simplifies the process. Below, we have compiled answers to several frequently asked questions about compliance.
With Leading Edge Payments, you gain a trusted payments partner boasting decades of experience across multiple industries.
We offer:
- Simple, easy-to-understand questionnaires
- Quick results about your compliance status
- Information you can use – practical tips for safeguarding your business and your customers
Frequently Asked Questions
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that exist to ensure all entities that accept, process, store or transmit credit card information do so in a secure environment.
Is PCI Compliance new?
No. The framework of the PCI data security standards has existed in different forms for some time now and continues to evolve.
What is required to certify that my account is PCI compliant?
You must complete a PCI DSS Self-Assessment Questionnaire (SAQ) once a year. If you electronically store cardholder data, or if your payment processing systems are reachable from the internet, a quarterly external vulnerability scan of those internet-facing systems by an Approved Scanning Vendor (ASV) is also required, and you must pass it.
Do all merchant accounts still need to be PCI Compliant?
Yes, all merchants, whether small or large, need to be PCI compliant.
Do merchants who sell only on a seasonal basis also need to be PCI Compliant?
Yes.
If I am already using a "PCI compliant" terminal/gateway, do I have to have my account certified for PCI compliance?
Yes. The PCI Security Standards Council maintains several separate programs. The Payment Application Data Security Standard (PA-DSS) applies to software vendors: it requires them to build payment applications that do not store prohibited data such as full magnetic stripe, CVV2 or PIN data, and that support a merchant's PCI DSS compliance. Using a validated terminal or gateway reduces the scope of what you must assess, but it does not make your business compliant on its own; PCI DSS applies to you as the merchant, so your account still has to be certified.
What is an “approved scanning vendor”?
An "approved scanning vendor" (ASV) is a third party qualified by the PCI Security Standards Council to validate the external vulnerability scanning requirement of PCI DSS. It does so by running quarterly vulnerability scans against a merchant's internet-facing systems and reporting whether they pass.
Is there an annual fee for becoming PCI compliant?
Yes, but if you have already become PCI compliant, then you will not have to pay any additional fees for the calendar year in which you become compliant.
How do my customers know that I am PCI compliant?
Upon completion of your PCI certification, you will receive a certificate of compliance and a compliance logo that you can display on your website.
May I choose not to certify for PCI Compliance?
Not without significant risk. MasterCard® and Visa® require all acquirers to report on the PCI compliance status of their merchants. If your business is compromised while non-compliant, the card brands may impose fines of up to $500,000 per payment brand, which reach you through your acquirer. These fines come in addition to the expenses and fraudulent transactions resulting from the breach.
How frequently must I certify my PCI compliance?
The PCI compliance certificate is valid for one year from the date it is issued, so you must complete the PCI DSS self-assessment questionnaire annually and, where your environment requires it, pass an ASV scan each quarter.