Acquiring and maintaining PCI compliance isn’t complicated. The process is made up of common sense practices to assess your payment card processing scope and analyze it for vulnerabilities that could potentially expose cardholder data.
Cardholder data refers to any information contained on a customer’s payment card. The data is printed on either side of the card and is also held in digital form, either on the magnetic stripe embedded in the back of the card or in a chip embedded in the front. It usually includes the primary account number (PAN), cardholder name and expiration date. The magnetic stripe or chip holds this plus other sensitive data for authentication and authorization. In general, no payment card data should ever be stored by a merchant unless it’s necessary to meet the needs of the business. Sensitive data on the magnetic stripe or chip must never be stored.
The assessment phase is followed by the remediation phase, i.e., fixing vulnerabilities (and making sure unnecessary cardholder data isn’t stored). Next comes the reporting phase, in which you compile the required remediation validation records (if applicable) and submit the compliance reports to the acquiring bank and card brands with which you do business.
TransFirst’s PCI Compliance Program makes it simple and affordable to maintain this mandatory obligation between merchants and the major card brands.
- The online Self-Assessment Questionnaire (SAQ) is an easy-to-use tool that helps merchants determine their Validation Type. Expert help text and real-life examples are also given.
- For merchants with external-facing IP addresses, external scanning detects network vulnerabilities and finds holes in web-based applications. TransFirst then issues easily understandable reports with results detailed and vulnerabilities prioritized. We offer hands-on assistance for remediation.
- Merchants receive an individualized approach to compliance with a set of custom security policies, powered by the Unified Compliance Framework (UCF), and policy templates that are automatically generated based on how merchants process payment cards.
- On-demand security awareness training prepares merchants to handle sensitive information, satisfies PCI DSS requirements and eliminates the need to purchase a costly training program from a third-party provider.
Data breaches, credit card fraud and online transactions continue to be major threats to businesses and their customers. Security breaches can have dire consequences for customers as well as businesses. Some may fall victim to identity theft or have to contend with fraudulent charges made with their stolen sensitive payment data. Many businesses never recover from the devastating impact of financial losses and damaged reputation following a breach.
TransFirst recommends PCI compliance to help combat these hazards and protect cardholder data. It is an ongoing process, not a one-time event in your business life, and it is well worth your time and effort.