Create an Account

 
Full Name:
 
Phone:
Email Address:
 
Create a Password:
You agree to the terms and conditions and privacy policy.

Please select one:

Myth. Outsourcing card processing makes us compliant.

Fact. Outsourcing simplifies payment card processing but does not provide automatic compliance. Don’t forget to address policies and procedures for cardholder transactions and data processing. Your business must protect cardholder data when you receive it, and process charge backs and refunds. You must also ensure that providers’ applications and card payment terminals comply with respective PCI standards and do not store sensitive cardholder data. You should request a certificate of compliance annually from providers.

May 2, 2011

Myth. PCI compliance is an IT project.

Fact. The IT staff implements technical and operational aspects of PCI-related systems, but compliance to the payment brand’s programs is much more than a ‘project’ with a beginning and end – it’s an ongoing process of assessment, remediation and reporting. PCI compliance is a business issue that is best addressed by a multi-disciplinary team. The risks of compromise are financial and reputational, so they affect the whole organization. Be sure your business addresses policies and procedures as they apply to the entire card payment acceptance and processing workflow.

May 2, 2011

Myth. PCI will make us secure.

Fact. Successful completion of a system scan or assessment for PCI is but a snapshot in time. Security exploits are non-stop and get stronger every day, which is why PCI compliance efforts must be a continuous process of assessment and remediation to ensure safety of cardholder data.

May 2, 2011

Myth. PCI is unreasonable; it requires too much.

Fact. Most aspects of the PCI DSS are already a common best practice for security. The standard also permits the option using compensating controls to meet some requirements. The standard provides significant detail, which benefits merchants and processors by not leaving them to wonder, ‘Where do I go from here? “]’ This scope and flexibility leads some to view PCI DSS as an effective standard for securing all sensitive information.

May 2, 2011

Myth. PCI requires us to hire a Qualified Security Assessor (QSA).

Fact. Because most large merchants have complex IT environments, many hire a QSA to glean their specialized value for on-site security assessments required by PCI DSS. The QSA also makes it easier to develop and get approval for a compensating control. However, PCI DSS provides the option of doing an internal assessment with an officer sign-off if your acquirer and/or merchant bank agrees. Mid-sized and smaller merchants may use the Self-Assessment Questionnaire (SAQ) found on the PCI SSC Website to assess themselves.

May 2, 2011

Follow Payline:

Latest posts

High Approval Rates for Ecig, vaporizer and smokeless inhaler merchant accounts April 17, 2013
Visa may add fee to digital wallet transactions too March 21, 2013
Square Cease And Desist Issued By Illinois State Department Of Financial Regulation March 1, 2013
Surcharge on Credit Cards, now available at your local business… January 26, 2013
How Credit Card Processing Works, and Why Fees Vary – Quick Version December 13, 2012

Categories

Tag Cloud

Archives