PCI SECURITY INFO FOR MERCHANTS
The PCI DSS represents a common set of industry standards or best practices that help ensure the safe handling of sensitive information. These standards were established by the top credit card brands: Mastercard, Visa, American Express, and Discover.
PCI DSS is mandatory for all merchants and is a critical component in securing your customers’ payment card data and safeguarding your business.
Compliance helps you create and maintain a positive image and enhance consumer confidence. Failure to comply can result in fines, cancelled accounts and reputational impacts to your business.
All merchants, regardless of size or POS solution, are required to achieve and maintain compliance with the PCI DSS. As part of this process, you will be aided by a Qualified Security Assessor (QSA) and, if using an IP connection, an Approved Scanning Vendor (ASV), and you will complete a self-assessment questionnaire and any required system vulnerability scanning.
A Qualified Security Assessor (QSA) is a data security firm that has been trained and is certified by the PCI Security Standards Council to assess compliance with the PCI DSS.
The QSA will:
- Verify all technical information given by the merchant or their service provider
- Use independent judgment to confirm the standard has been met
- Provide support and guidance during the compliance process
- Review the work product that supports the PCI DSS requirements and security assessment procedures
- Ensure adherence to the PCI DSS security assessment procedures
- Validate the scope of the assessment
- Select systems and system components where sampling is employed
- Evaluate compensating controls
- Produce the final report