PCI Security is a very hot topic in the credit card processing industry these days. Merchants don’t understand or accept PCI, and are frustrated by the new PCI compliance fees they are seeing on their merchant statements (if you haven’t seen yours yet, look harder). Even worse, several processors and shady merchant services salespeople are distorting facts and downright lying in the never-ending quest to steal a merchant account from a competitor in order to make an extra dollar.
Let’s set the record straight once and for all. If you are a merchant of any kind, any size, any industry, here is a concise listing of everything you MUST know about PCI Security compliance:
What is PCI DSS?
The Payment Card Industry Data Security Standards are requirements designed to minimize theft and misuse of sensitive credit card data at every level of credit card processing.
Who has to Comply?
Member Banks – acquiring banks and card-issuing banks.
Merchants – any merchant who accepts any of the major card brands, including Visa, Mastercard, American Express and Discover.
Service Providers – Internet gateways, shopping cart vendors and hosting companies.
What does PCI Compliance mean to my business?
The card associations require that cardholder information be handled and maintained in a secure fashion. ALL merchants are required to meet the PCI compliance guidelines.
What is the difference between compliance and validation?
Compliance is the process of implementing the security controls and policies required by the standard. Validation is the process of proving that you are compliant. PCI compliance requires both functions to be performed.
How often do I have to validate my compliance?
You are required to validate compliance every 12 months.
What if I change my merchant service provider in the next 12 months?
You will receive a Certificate of Compliance once you have completed the required SAQ and scan (if a scan is required), which you can provide to your new merchant service provider to validate your compliance.
What happens if I am not in compliance?
Failure to comply with these requirements can result in significant fines and the possible cancellation of payment processing capability.
Am I liable if my service provider is breached?
It depends, but it is certainly possible. If you use a third-party service provider to process your credit card transactions, it is your responsibility to ensure they are PCI compliant. If they aren’t and they are breached, you can be held liable as well. There are known cases of that happening currently.
Does PCI compliance apply to non-profit organizations?
Yes, the liability and risks still exist and need to be addressed. In fact, because you are a non-profit organization the effects of a data breach could be even more damaging to your business due to the fines and other possible penalties.
How do I determine the specific requirements that apply to my business?
Compliance requirements vary by method of processing, such as using a stand-alone landline, wireless communications or the Internet to process. Simply review the table provided, click on the letter next to the description that best describes your business, and you will be taken directly to the applicable requirements.
What is a Self-Assessment Questionnaire?
The Self-Assessment Questionnaire (SAQ) is a validation tool for merchants and service providers who are not required to undergo on-site assessments for PCI DSS compliance.
What is cardholder data?
Primary Account Number (PAN)
Cardholder Name
Expiration Date
Sensitive Authentication Data:
  Full magnetic stripe data
  Card Validation Code/Value
  Personal Identification Number (PIN)
What can never be stored, even if encrypted?
Full magnetic stripe
Card Validation Code/Value
Personal Identification Number (PIN/PIN block)
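The storage rule above is easy to state and easy to violate by accident: a debug log, a "notes" column or a raw terminal dump can carry track data or a CVV into permanent storage without anyone intending it. The Python below is an added example, not code from the original page or from any processor or vendor it mentions. It assumes a transaction record is a plain dict with hypothetical field names (pan, cvv, track2, notes, and so on); before the record is written anywhere, it refuses any record that still carries sensitive authentication data and truncates the PAN to the first six and last four digits, which is one of the methods PCI DSS accepts for rendering a stored PAN unreadable. The track-data patterns and sample records are constructed for the example.

```python
"""Storage-policy check for card transaction records (added example).

Before a record is written to any log, database or file, it is scanned for
the data elements that may never be stored after authorization (full
magnetic stripe/track data, card validation code, PIN/PIN block). Records
that carry such data are rejected outright; otherwise the PAN is truncated
to first six / last four digits. Field names are hypothetical.
"""
import re

# Hypothetical field names that carry sensitive authentication data (SAD).
# Any non-empty value in one of these fields blocks storage, encrypted or not.
FORBIDDEN_FIELDS = {
    "track1", "track2", "magstripe",          # full magnetic stripe data
    "cvv", "cvv2", "cvc", "cvc2", "cid",      # card validation code/value
    "pin", "pin_block",                       # PIN / PIN block
}

# Constructed patterns for raw stripe reads leaking into free-text fields:
# track 1 begins with '%B' + PAN + '^' (name separator), track 2 is PAN '=' YYMM.
TRACK1_RE = re.compile(r"%B\d{13,19}\^")
TRACK2_RE = re.compile(r";?\d{13,19}=\d{4}")


class StoragePolicyViolation(ValueError):
    """Raised when a record contains data that must never be stored."""


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits of a 13-19 digit PAN; star the rest."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13-19 digits")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_violations(record: dict) -> list:
    """Return a list of human-readable reasons the record must not be stored."""
    violations = []
    for key, value in record.items():
        if key.lower() in FORBIDDEN_FIELDS and value not in (None, ""):
            violations.append(f"forbidden field present: {key}")
        # Track data can hide in any string field (notes, raw terminal dumps).
        if isinstance(value, str) and (TRACK1_RE.search(value) or TRACK2_RE.search(value)):
            violations.append(f"track data found in field: {key}")
    return violations


def is_storable(record: dict) -> bool:
    return not find_violations(record)


def sanitize_for_storage(record: dict) -> dict:
    """Fail closed on SAD; otherwise return a copy with the PAN truncated."""
    violations = find_violations(record)
    if violations:
        raise StoragePolicyViolation("; ".join(violations))
    safe = dict(record)
    if "pan" in safe:
        safe["pan"] = mask_pan(safe["pan"])
    return safe


# Constructed sample records (test PAN 4111 1111 1111 1111, not a real card).
SAMPLE_CLEAN = {"pan": "4111111111111111", "expiry": "12/25", "name": "J DOE", "amount": "19.99"}
SAMPLE_CVV = {"pan": "4111111111111111", "expiry": "12/25", "cvv": "123", "amount": "19.99"}
SAMPLE_TRACK = {"pan": "4111111111111111", "notes": ";4111111111111111=25121010000000000?"}

if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_CLEAN))
    for rec in (SAMPLE_CVV, SAMPLE_TRACK):
        print("rejected:", find_violations(rec))
```

The check fails closed on purpose: silently dropping a CVV field would hide the fact that some upstream code is still handing SAD to the storage layer, which is the defect you actually want surfaced. Run the same function over anything that persists data, including application logs, since a log line is storage too.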
What are the 12 requirements?
What is the difference between a Static IP and a Dynamic IP address?
A static IP address is the number assigned to a computer by an Internet service provider to be its permanent address on the Internet. If you have a static IP, your IP address remains the same every time you log in. Once you have provided JDS with your IP address, your scans will be performed without any action required on your part.
A dynamic IP address is your IP address only for as long as you are logged in for a session on the Internet. Once you disconnect from the Internet, that dynamic IP address goes back into the IP address pool so it can be assigned to another user. Consequently, you will rarely, if ever, have the same IP address twice.
Who can I contact if I have any questions about PCI?
Call 1-877-689-1691 or email your questions to amspcs@juno.com. You may also contact us via http://www.merchantservices-help.com/contact.html and we will answer your questions and/or refer you to the proper source as quickly as possible.
What other links should I refer to for additional information and assistance regarding PCI?
http://www.merchantservices-help.com/PCIcompliance.html contains more valuable information on PCI Data Security as well as a direct link to the PCI Security Standards Council page.
This subject was really educational and effectively written. I program to do some additional investigation on this. Gives thanks for expressing this timely data. We have to have additional such as this.
Thank you for the fantastic and instructive article. I’ll be looking to come back in just a short time for some more updates.
I looked by way of your preceding posts. Good function there…
Astounding, buddy. It’s good and such an awesome thing. I’d add this to my RSS feed.
I really enjoyed your article and would like to know if I can use your article on one of my sites if I provide a link back to your site?
By all means, please do use the article and provide a link back. Thanks.
Thanks a lot for the article post. Thanks again.