Tennessee Academy of Ophthalmology
Credit Card Compliance for Businesses
What is PCI Compliance?
When a business makes the decision to accept credit cards, it also accepts the responsibility to protect credit card data. Most business owners want to do the right thing, but often fall short when it comes to implementing safe business practices. In response to increasing credit card fraud, the major credit card brands formed a Security Council to develop standardized regulations for the entire processing industry. The resulting Payment Card Industry Data Security Standard (PCI-DSS, www.securitystandards.org) is in place to prevent credit card fraud at all levels. These regulations apply to any merchant that has a Merchant ID number and processes, stores, or transmits credit card data. Even if the merchant outsources credit card processing to a compliant service provider, they must complete the formal process of validating compliance by July 1, 2010.*
Implementing small changes can have a big impact on your security. There are guidelines in the PCI-DSS that address internet security and payment applications, and also ones that address how businesses handle credit card data on a physical level. Assessing your vulnerabilities is a great way to fix potential issues and educate your staff. According to some reports, the majority of credit card fraud is caused by simple carelessness and theft (www.datalossdb.org/statistics). Office security policies that define procedures for changing passwords, storing information, and disposing of credit card data can make the difference between compliance and non-compliance.
How Do I Become Compliant?
There are several steps every merchant must complete to become PCI Compliant:
· Identify Validation Type (this is based on how credit card transactions are processed)
· Complete the SAQ (Self Assessment Questionnaire)
· Complete and provide evidence of a vulnerability scan, if necessary, from an approved vendor on a quarterly basis.
· Complete the Attestation of Compliance
· Submit the SAQ/Attestation of Compliance and evidence of a passing scan (if required) to the acquirer.
· Create comprehensive Security Policies and Procedures
To help you through this process, Affiniscape Merchant Solutions created a compliance program with all the tools you will need to meet that deadline. We understand the unique needs of businesses and wanted to make the compliance process as easy and painless for you as possible. Our program not only includes the Self Assessment Questionnaire, but also features unlimited support from PCI experts and a Security Policy Builder. You can get more information about the program or get started today by visiting www.pcicentral.com. For specific compliance questions, you may also contact Amy Airhart by emailing info@pcicentral.com or by calling 866-376-0947.
*Check with your merchant bank for additional deadlines