Saturday, August 08, 2009

First Data working with SecurityMetrics to keep your customer's information secure

The information below is from First Data

"Several of you have asked questions about SecurityMetrics and the phone calls they are making to our merchants. Here is the campaign that is currently underway:

We recently started an official Level 4 PCI compliance program for FDS. SecurityMetrics is the preferred security vendor for the Level 4 program and is helping to manage it, which includes a phone campaign. Communications in regard to PCI compliance were included in the Spring release letter, and info regarding SecurityMetrics has been included as statement messages for the past couple of months for our merchants. As you know, all merchants are required to be PCI compliant.

While SecurityMetrics is the preferred vendor, the merchants are not required to use them. For those merchants who require scans, they have to be completed by an Approved Scanning Vendor (ASV). A listing of ASVs can be found by visiting the card association websites or at http://www.pcisecuritystandards.org/. Merchants who decide to use SecurityMetrics’ services would receive a preferred discount (if they don’t already have the Annual Compliance Fee of $94.75 listed on their MPA).

Please see below for additional PCI compliance information:

Merchant Level Description
Level 1:
Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

Level 2:
Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year.

Level 3:
Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.

Level 4:
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year."

Additional information can be found on these websites:

www.pcisecuritystandards.org - Includes a complete list of PCI DSS requirements, the self assessment questionnaire, and approved security assessors/scan vendors.
www.visa.com/cisp - Additional compliance and validation information, and lists of validated payments applications and compliant service providers.
www.mastercard.com/sdp - Additional compliance and validation information.

If you have any questions regarding this information, please contact Richard Del Valle, First Data Account Executive, Western Region at (408) 274-2206.

Wednesday, August 05, 2009

Can you afford NOT to be PCI Compliant?

Big Hairy Dog has received confirmation that credit card associations are taking a more assertive approach to PCI compliance validation. They have begun to implement stricter compliance validation mandates and increase fine penalties.

BHD wants to continue to work with our customers to educate each of you about PCI, and your role as a Level 1, 2, 3 or 4 Merchant. Over 90% of compromises occur at ‘Level 4’ merchants. Level 4 merchants are those who process fewer than 20 thousand credit card TRANSACTIONS annually. Most BHD customers fall in the Level 4 category.

Currently, fines assessed to merchants have come directly from the card associations as a result of:

1) A business encountered an account data compromise and did not validate their PCI compliance in time per the card brands. Therefore, the card brands will assess a monthly fine until they see the appropriate validation documents showing their compliance.

2) A business qualified as a Level 1 - 3 merchant in terms of PCI compliance and did not submit its appropriate quarterly or yearly re-validation documents. The card brands may then fine the business for failure to provide appropriate documentation.

Visa fine penalties due to PCI non-compliance are assessed monthly and determined by merchant level. MasterCard fine penalties due to PCI non-compliance are assessed quarterly and determined by merchant level.

We want to help you avoid these fines! If you are not PCI Compliant, please call Big Hairy Dog TODAY and find out how you can become PCI Compliant at affordable prices!

Protect your Business....Call Today! 800-377-7776