Become Compliant or Renew Your PCI Compliance TODAY!!!
Compliance is mandatory and it's smart. Businesses that are not PCI compliant are at greater risk for security breaches and are subject to heavy penalties. Noncompliance could be the first step to failure.
PCI compliance may seem complicated but it's really not.
- If your business accepts credit cards/debit cards/EBT's, you must meet the Payment Card Industry Data Security Standard (PCI DSS) established by Visa/MasterCard/Discover/AMEX/JCB
- If you're not in compliance with PCI DSS, you're putting your entire business at risk
- You must complete the certification on an annual basis.
Steps to complete the certification process and become compliant:
- Go to Trustwave's TrustKeeper website at https://login.trustwave.com to login to your account; if you have not set up an account start by doing so at https://pci.trustwave.com/elementps and click get started.
- If you have misplaced your Username or Password, please contact Vantiv Integrated Payments' Customer Care Center at 1.866.435.3636 to have your password reset. Please note, if you have changed your email address since first registering with Trustwave you will need to inform Vantiv Integrated Payments of your correct email and request they inform Trustwave of the new address.
- Follow the PCI Wizard tool to help you complete the steps necessary for PCI validation.
Why PCI Compliance: In the past several years there has been an increase in fraud due to customer credit card and personal information stolen from businesses and used for criminal activity. Because of this, the major card companies (Visa, MasterCard, Discover, AMEX, & JCB) have established a set of PCI Standards that all businesses that take credit cards must follow.
What happens if I chose not to go through the certification process: You will be liable for any breach that occurs at your business - the fines for non-compliance from the about credit card companies are heavy, beginning at $10,000 and going up to $50,000 per occurance. Bottom line is that if you incur a breach at your location and you are not PCI Certified, it could put you out of business. If you visit with another processor or ISO that markets credit/debit card services and they tell you that their company does not require PCI compliance, do not believe them. The risk is incurred by all processors and merchants.
Who does the certifications: There are several companies that have been approved to certify merchants. SDRA's processor, Vantiv Integrated Payments, has contracted with TrustWave, a PCI Qualified Security Assessor, that will do the certification for you and then report their findings directly to Vantiv Integrated Payments. Once you receive your certification from TrustWave, you can rest assured that Vantiv Integrated Payments has the information.
Do I have to get certified by TrustWave, the company that Vantiv Integrated Payments recommends: No, but it will cost you a lot less to use their recommended vendor and by using them, the results will automatically be reported to Vantiv Integrated Payments. If you have a certification from another vendor, you can provide Vantiv Integrated Payments with that information. From what we have been seeing, even for the smaller merchants, these other companies are charging atleast $200 per year for their certifications.
How do I get certified if I process credit/debit cards with a terminal that gets authorization through a phone line: You will go to Trustwave's TrustKeeper website and answer a questionnaire (SAQ) to provide information on how your business processes your credit/debit cards. If everything goes well, you will be certified immediately, but if vulnerabilities are found within your enviroment, it will be necessary for you to correct these issues before your compliance can be validated. You will be required to go through this certification process once a year. Because you are doing this certification online, TrustWave will have you e-mail address and will notify you next year when your recertification is due. There will be a charge of $8.95 per moth for the certification which will appear on your monthly statement. Additionally, after you are certified by TrustWave, your business will receive $100,000 in credit card breach insurance as part of this program.
What happens if I do not comply: Merchants who do not attest to compliance through TrustWave or submit the necessary documentation to Trustwave's TrustKeeper website that compliance has been done elsewhere will be assessed a non-compliance fee of $20 per month.
How does the $8.95 charge compare to other processors: Charges for compliance are all over the place. From what we are seeing, processors are charging anywhere from $15 to $45 per month for compliance.
Will this compliance procedure require me to buy a new terminal or software: If you process credit/debit cards using a terminal, you will not have to purchase a new terminal. If you process with a software program, depending on the age of your software, you may be required to update to a PCI compliant version of your current software.