The Payment Card Industry sets the standard for how merchants handle credit card data. The Industry is compiled of the 5 major credit card companies: Visa, MasterCard, American Express, Discover and Japan Card (JCB). These companies carry a large amount of risk on behalf of their card-holders and due to the increase of fraud and theft, the PCI Council mandated better handling practices at the merchant level. The merchant actually agreed to these terms when they signed the contract to accept credit cards. However, many merchants have not been complying with the terms of their contract which has contributed to the fraud and theft that we see today.
Therefore the PCI Council has set forth the PCI Compliance program to ensure better handling practices are being adhered to. Every merchant must prove that they are compliant. Proof must be validated by an Approved Scanning Vendor.
Compliance includes the following areas of each business:
— Secure terminals
— Truncating credit card #’s on all print-outs
— Triple DES encrypted pin pads
— Secure internet shopping carts
— Firewalls in place on computers
— Secure data storage if they are storing information
— Properly disposing of sensitive information if they are not storing it
— Staff accountability
Many of our merchants use a computer to process. They must understand the importance of computer security.
That’s why periodic scanning is mandated by the Industry and that’s takes more time…hence the increased cost. We are also held to the same PCI Compliance standards here at Metro. We must remain compliant as well to ensure a safe and secure transaction experience for everyone.
Each merchant must accept the responsibility of maintaining a secure atmosphere at the point of sale. All of these issues will be addressed in the Self-Assessment Questionnaire.
Metro Payment Technologies partnered with Control Scan to make this process as easy as possible. There are several companies who are approved by the PCI Council. We chose Control Scan because of their commitment to customer service and reasonable rates. Each merchant will receive a link to a website in an email that also contains a user name and password. A phone number is also included. The Self-Assessment Questionnaire will be found on this website. After submitting the SAQ, the merchant will be evaluated and either receives a certificate of compliance, or a list of what needs to be corrected. If they are not compliant, they will have 30 days from receiving the list to correct the non-compliant issues.
For more information about PCI Compliance, contact your Metro Representative.