Become Compliant or Renew Your PCI Compliance TODAY!!!
Compliance is mandatory and it's smart. Businesses that are not PCI compliant are at greater risk for security breaches and are subject to heavy penalties. Noncompliance could be the first step to failure.
PCI compliance may seem complicated but it's really not.
- If your business accepts credit cards, debit cards or EBT cards, you must meet the Payment Card Industry Data Security Standard (PCI DSS) established by Visa/MasterCard/Discover/AMEX/JCB.
- If you're not in compliance with PCI DSS, you're putting your entire business at risk.
- You must complete the certification on an annual basis.
Steps to complete the certification process and become compliant:
- Go to Trustwave's TrustKeeper website at https://login.trustwave.com to log in to your account. If you have not set up an account, start by doing so at https://login.trustwave.com/portal-core/home/pci-user-registration/sponsorCode=merps&locale=en_us and fill in your information.
- If you have misplaced your username or password, please contact Worldpay's Customer Care Center at 1.866.435.3636 to have your password reset. Please note: if you have changed your email address since first registering with Trustwave, you will need to inform Worldpay of your correct email and request that they inform Trustwave of the new address.
- Follow the PCI Wizard tool to help you complete the steps necessary for PCI validation.
Why PCI Compliance: In the past several years there has been an increase in fraud due to customer credit card and personal information stolen from businesses and used for criminal activity. Because of this, the major card companies (Visa, MasterCard, Discover, AMEX, & JCB) have established a set of PCI Standards that all businesses that take credit cards must follow.
What happens if I choose not to go through the certification process: You will be liable for any breach that occurs at your business. The fines for non-compliance from the above credit card companies are heavy, beginning at $10,000 and going up to $50,000 per occurrence. The bottom line is that if you incur a breach at your location and you are not PCI certified, it could put you out of business. If you visit with another processor or ISO that markets credit/debit card services and they tell you that their company does not require PCI compliance, do not believe them. The risk is incurred by all processors and merchants.
Who does the certifications: There are several companies that have been approved to certify merchants. SDRA's processor, Worldpay, has contracted with Trustwave, a PCI Qualified Security Assessor, which will do the certification for you and then report its findings directly to Worldpay. Once you receive your certification from Trustwave, you can rest assured that Worldpay has the information.
Do I have to get certified by Trustwave: No, but it will cost you a lot less to use their recommended vendor, and by using them, the results will automatically be reported to the processor. If you have a certification from another vendor, you can provide the processor with that information.
What happens if I do not comply: Merchants who do not attest to compliance through Trustwave, or who do not submit the necessary documentation to Trustwave's TrustKeeper website showing that compliance has been done elsewhere, will be assessed a non-compliance fee per month.
Will this compliance procedure require me to buy a new terminal or software: If you process credit/debit cards using a terminal, you will not have to purchase a new terminal. If you process with a software program, depending on the age of your software, you may be required to update to a PCI-compliant version of your current software.