PCI Compliancy Summary Information
IMPORTANT: This page was updated on 2/6/2018. Please check back here often as new information is being posted daily as we continue our research and hear from other merchant experiences.
As of mid-February 2014, we have secured a discounted bulk rate with a company called ControlScan, who will not only get you compliant but will also automatically cover you with breach protection up to $100,000 for each merchant. We researched 160 different assessors and found that ControlScan offers the best compliancy tools in the market. Their wizard is amazing and it enormously simplifies the questionnaire process. They also offer the IP scans for those to whom they apply, and the best part is that they offer personalized live phone support with experienced technicians who can help answer all of your questions until you reach compliant status.
NOTE: Be sure that you read and open any emails from ControlScan as they should be arriving in your email very soon. Email us at firstname.lastname@example.org if you have not received any emails from ControlScan.
In summary, per Visa/MC, you are required to be compliant to be able to accept their credit cards for your business. If you do the compliancy, then you can avoid the monthly non-compliance fees.
If you do not do the compliancy process, then you will be fined $18/month by Global Payments (or $50/month by Elavon) indefinitely until you become compliant.
On the bright side, this compliancy exercise also gives you the comfort of knowing that your own business data, computers and networks are secure.
What is PCI Compliancy?
PCI Compliancy (Payment Card Industry) was created, and then mandated, by the credit card associations to help protect credit card data from being stolen from your business. These stolen cards account for large losses due to fraudulent use of those numbers. Compliancy is not a single one-time event, but instead a perpetual process. A full explanation can be found at http://www.PCISecurityStandards.org, but in short, it is a "best practices" process that requires you to complete a self-assessment questionnaire (SAQ). The questionnaire is easy for dial-up terminals, and gets lengthier for those using software or virtual gateways (websites).
Also, if you are using certain terminal types such as software, then you are required to have an Approved Scanning Vendor (ASV) run an external IP penetration test on your computer(s). Basically, the ASV will attempt to hack into your router and will report to you any vulnerability that you may have on your computer(s) or network. This is a valuable discovery tool for your own personal and business data as well.
Why did this all of a sudden come up?
Sponsor banks basically fund and manage the risk for the processor as well as do the daily deposits and EFTs. You have always been mandated by Visa/MC/Discover to become compliant, but until recently, Global has not been issuing any fines for non-compliancy. All other processors, such as Elavon & First Data, have been implementing these fines for many years since 2009 when the PCI Security Standards organization was created. For example, Elavon's non-compliance fees are currently $50 per month.
How do I document my compliant status to discontinue the fines?
You will start by having us enroll you at ControlScan. They will help you in completing the appropriate self-assessment questionnaire, then run an IP scan if required. Once you are compliant, you will not have to do anything as we'll run monthly reports from ControlScan to identify those who have completed the compliancy. We then submit the compliancy information to Global Payments so that they discontinue the monthly non-compliance fee. You will need to submit this information annually so ControlScan will coordinate an automated reminder process for you in the future.
All information is available at the PCISecurityStandards.org website, but we have condensed that information down to the following:
- For those that require an IP scan, you have to use an approved scanning vendor for your IP scan. You may opt to use someone other than ControlScan, but the market price for other services is about $250 per year as compared to our new bulk-discount deal with ControlScan at $6 per month which includes $100,000 in breach "insurance".
- There are over 160 different assessors that are allowed to sign off on your compliancy and we narrowed that list down to just these three as the best choices based on price, user interface and support.
Please revisit this website for more information as it will be updated daily with information on how we can make this task as easy as possible.