eMerchantDiscount: Payment Card Industry Compliance
In response to the widespread occurrence of cardholder fraud and identity theft, the Payment Card Industry
(PCI) Data Security Standard (DSS) was created by major credit card companies
to safeguard customer information. Visa, MasterCard, American Express, and
other credit card associations mandate that merchants and service providers
meet certain minimum standards of security when they store, process and
transmit cardholder data.
Payment Card Industry Data Security Standards (PCI DSS)
Detailed requirements for PCI DSS
can be found by clicking the following link:
https://www.pcisecuritystandards.org/
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
eMerchantDiscount, in partnership with ControlScan, will continue to
educate its merchants on the basics of data security and the mandatory industry
requirements set forth by the Payment Card Industry Data Security Standards
Council.
As an eMerchantDiscount merchant, you will receive the following from ControlScan:
- Access to ControlScan’s Merchant Compliance Portal
- Support for achieving PCI compliance certification
- Support for maintaining PCI compliance certification
To get started call 1-800-879-6021 to talk to a ControlScan PCI Specialist or visit: https://www.pcigateway.com/emerchantdiscount
LEVEL | DESCRIPTION | REQUIREMENTS | DUE DATE
1 | Over 6 million transactions/year | Annual On-site PCI Data Security Assessment; Quarterly Network Scan by a third party Approved Scanning Vendor | September 30, 2004 (new level 1 merchants have up to one year from identification to validate)
2 | 1 million to 6 million transactions/year | Annual PCI Self Assessment Questionnaire; Quarterly Network Scan by a third party Approved Scanning Vendor | New level 2 merchants: September 30, 2007
3 | 20,000 to 1 million transactions/year | Annual PCI Self Assessment Questionnaire; Quarterly Network Scan by a third party Approved Scanning Vendor | June 30, 2005
4 | Under 20,000 transactions/year | Annual PCI Self Assessment Questionnaire; Quarterly Network Scan by a third party Approved Scanning Vendor | Validation requirements and dates are determined by the merchant's acquirer
To learn more, visit:
http://usa.visa.com/merchants/risk_management/cisp_merchants.html?it=l2|/merchants/risk_management/cisp.html|Merchants
Merchant Services - PCI FAQs
What is the process to use ControlScan’s Sentry PCI for certification?
To get started call 1-800-879-6021 to talk to a ControlScan PCI Specialist or visit:
https://www.pcigateway.com/emerchantdiscount
The easy-to-use Sentry PCI service includes:
- Automated Self-Assessment Questionnaire and guidance
- Scheduled and Automated Vulnerability Scans
- Easy-to-use patches for vulnerabilities found
- Advanced false positive management
- Streamlined auto-submission reporting to your merchant bank
Why is the Payment Card Industry (PCI) important?
As your merchant bank, Visa, MasterCard, AMEX and Discover require us to inform
you about the required data security practices for merchants who process credit
cards. The data security standards are set forth by the Payment Card Industry
(PCI) and must be adhered to in order to protect your customer’s financial and
personal data. The consequences of non-compliance include costly security
breaches and substantial fines.
What is PCI?
The Payment Card Industry (PCI) Data Security Standards are association
(VISA/MasterCard/AMEX) and industry mandated requirements for members,
merchants, and service providers that store, process or transmit cardholder
data. Merchants are responsible for the security of their cardholder data and
must be compliant with standards that greatly reduce the opportunity for data
to be compromised. To demonstrate compliance with the PCI Data Security
Standard, merchants and service providers are required to conduct network
security scans on a regular basis as defined by the PCI Security Standards
Council. Additionally, merchants are required to complete an annual
self-assessment questionnaire concerning their internal security measures.
Network Security Scans are an indispensable tool to be used in conjunction with
a vulnerability management program. Scans help identify vulnerabilities and
misconfigurations of web sites and IT infrastructures containing externally
facing IP addresses. Vulnerabilities can be defined as certain weaknesses in
areas of your website/server where hackers can gain access to your customers’
financial and personal data.
The results of these security scans provide valuable information that supports
efficient patch management and other security measures, improving protection
against attacks from the Internet.
Your company’s website can now be scanned and become PCI Compliant by using
ControlScan’s Sentry PCI. eMerchantDiscount has selected ControlScan as our Approved Scanning Vendor (ASV) to assist our merchants in
becoming PCI Compliant.
Who has to comply with the Payment Card Industry Standards?
Network Security Scans apply to all merchants and service
providers with external-facing IP addresses that store, process or transmit
credit card data. Even if an entity does not offer web-based transactions,
there are other services that make systems Internet accessible. Basic functions
such as email and employee Internet access will result in the
Internet-accessibility of a company’s network. These seemingly insignificant
paths to and from the Internet can provide unprotected pathways into merchant
and service provider systems and can potentially expose cardholder data if not
properly controlled.
What is an Approved Scanning Vendor?
All PCI scans must be conducted by a third party compliant network security
scanning vendor, selected from the list of approved vendors at https://www.pcisecuritystandards.org/. We have selected ControlScan as eMerchantDiscount’s
Approved Scanning Vendor. All compliant scanning vendors are required to
conduct scans in accordance with a defined set of procedures. These procedures
dictate that the normal operation of the customer environment is not to be
impacted and that the vendor should never penetrate or alter the customer
environment.
What are the certification levels and what do they mean?
A merchant’s compliance classification level is determined by annual
transaction volume.
Information about merchant levels and service provider levels can be found at
https://www.pcisecuritystandards.org/.
How will ControlScan’s Sentry PCI help me to get certified?
ControlScan is certified as a PCI security scanning vendor and helps merchants
and their consultants achieve compliance with the PCI Data Security Standard.
ControlScan makes it easy for merchants to comply with PCI requirements.
ControlScan’s Sentry PCI is an on demand compliance testing and reporting
service. Using ControlScan’s Sentry PCI, merchants can run PCI compliance
scans, complete PCI self assessment questionnaires and submit compliance
reports directly to merchant banks. ControlScan’s on demand delivery model
makes Sentry PCI available anytime from any browser, without software to
install or maintain.
Is this a one-time requirement?
No, the card associations require merchants to be in compliance at all times.
The requirement is comprised of two basic steps: the completion of an annual
self-assessment questionnaire and quarterly network vulnerability scans that
meet compliance standards. ControlScan’s compliance program provides
simple-to-use tools for merchants that include quarterly vulnerability
scanning, annual self-assessment, and proof-of-compliance auto submission.
What report am I required to send to my merchant bank?
The PCI Executive Report must be submitted to your merchant bank. To meet
PCI compliance, the PCI Executive Report must indicate an overall PCI
compliance status of “Passed”. This status is reported only when the required
vulnerabilities are fixed and validated by a PCI scan.
Log in at: http://www.pcigateway.com/emerchantdiscount
Can I submit reports directly to my merchant bank?
A terrific advantage of working with ControlScan’s PCI service is that banks
are able to sign up to use Sentry PCI, enabling them to view submitted PCI
compliance documents and track PCI compliance status for their merchants
through the Sentry PCI application.
Where do I find out more information about PCI?
More information about PCI can be found at the following sites:
https://www.pcisecuritystandards.org/
http://www.mastercardsecurity.com
http://corporate.visa.com/st/main.jsp