Compliance


The Payment Card Industry (PCI) Data Security Standard (DSS) was created to help protect cardholder data that is processed, stored or transmitted by merchants. Compliance is mandatory, but it can be confusing, expensive and time consuming.

Additionally, it might be unclear what you need to do to bring your business into compliance, and the monthly or annual PCI compliance fees you are paying may be confusing. We understand that businesses need a payments partner that cuts through the clutter and makes it easy, so we have put together answers to several commonly asked compliance questions below.

With Leading Edge, you get a proven payments partner with combined decades of experience in multiple industries.

We provide:

  • Simple, easy-to-understand questionnaires
  • Quick results about your compliance status
  • Information you can use – useful tips for safeguarding your business and your customers

Frequently Asked Questions

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that exist to ensure all entities that accept, process, store or transmit credit card information do so in a secure environment.

Is PCI Compliance new?

No. The framework of the PCI data security standards has existed in different forms for some time now and continues to evolve.

What is required to certify that my account is PCI compliant?

You must complete a PCI DSS self-assessment questionnaire on an annual basis. If you electronically store cardholder information, or if your processing systems have internet connectivity, a quarterly scan by an approved scanning vendor is also required.

Do all merchant accounts still need to be PCI Compliant?

Yes, all merchants, whether small or large, need to be PCI compliant.

Do merchants who sell only on a seasonal basis also need to be PCI Compliant?

Yes.

If I am already using a "PCI compliant" terminal/gateway, do I have to have my account certified for PCI compliance?

The PCI Security Standards Council has various requirements programs. The Payment Application Data Security Standard (PA-DSS) requires software vendors and others to develop secure payment applications that do not store prohibited data such as full magnetic stripe, CVV2 or PIN data, and to ensure their payment applications support compliance with the PCI DSS.

What is an “approved scanning vendor”?

An “approved scanning vendor” is a third party that validates compliance with DSS requirements by performing vulnerability scans of a merchant's internet-facing systems.

Is there an annual fee for becoming PCI compliant?

Yes, but if you have already become PCI compliant, then you will not have to pay any additional fees for the calendar year in which you become compliant.

How do my customers know that I am PCI compliant?

Upon completion of your PCI certification, you will receive a certificate of compliance logo to display on your website.

May I choose not to certify for PCI Compliance?

Not without significant risk. MasterCard® and Visa® require all acquirers to report on the PCI Compliance of their merchants. In the event that your business is compromised, you may be subject to fines of up to $500,000 per payment brand. These fines would be in addition to the expenses and fraudulent transactions resulting from the breach.

How frequently must I certify my PCI compliance?

The PCI compliance certificate is valid for one year from the date the certificate is issued. You are required to complete the PCI DSS self-assessment annually.