Login to eMerchantGateway
eMerchant eMerchant
  • Our Services
    • Merchant Accounts
    • Payment Gateways
    • Virtual Terminals
    • Retail Terminals/POS
    • eCommerce Platform
    • Business Loans
  • Gateways
    • eMerchantGateway
    • Authorize.Net
    • USAePay
    • Cybersource
    • PayFlow Pro
    • NMI Payment Gateway
  • Integrations
    • eCommerce Integration
    • Enterprise Software Integrations
    • Retail Terminals/POS Integrations
  • Resources
    • column 4
      • Payment Security
        • Fraud Prevention
        • Payment Tokenization
        • EMV
        • PCI Compliance
    • Column 5
      • Resources
        • What is Payment Processing?
        • New Merchant Accounts
        • eCommerce Merchants
        • blog
  • Community
Gateway Login
Get More Info
eMerchant

PCI Compliance

Critical data security and protection for your business

GET MORE INFORMATION

eMerchant provides the resources and expertise to help you be PCI compliant

Although PCI compliance is not a federal law, merchants must follow the PCI compliance requirements in order to accept credit cards as form of payment. Non-compliant merchants risk facing fines and much worse.

What does PCI stand for? It’s an acronym for Payment Card Industry and represents the major brands: MasterCard, Visa, Discover, JCB and American Express. In 2006, they joined together to create a common set of standards for data security and protection in payment processing resulting in the term PCI-DSS (Payment Card Industry Data Security Standard).

What is PCI compliance? Any organization or merchant – regardless of their size or number of transactions – that accepts, transmits or stores any cardholder data, must meet the common set of standards that were established. Cardholder data is defined as the full Primary Account Number (PAN) or the full PAN along with any of the following elements:

  • Cardholder name
  • Expiration date
  • Service code
  • Sensitive Authentication Data (SAN), which must also be protected, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more.
coverforwebsite_pcicompliance
This content is blocked, please review your Privacy Preferences

This compliance is enforced by the credit card companies and each brand has their own fines and penalties. In the event of a data breach, if your business is not PCI compliant, you will be assessed. Merchant banks also take this compliance seriously and a lack of PCI compliance could cause you to lose your merchant account. That would prevent you from processing any credit card transactions.

The compliance standards vary within four levels that are based on transaction volume: Level 4 is the lowest volume with less than 20,000 annual transactions, and Level 1 is over 6 million. Compliance will vary, but merchants may be required to be evaluated by a third party, do self-assessments and supply other types of documentation. Using an online payment gateway could alleviate part of your PCI compliance burden. eMerchantGateway uses payment tokenization technology to secure sensitive customer payment information.

It is important to be familiar with your merchant account agreement, which should outline your requirements. Leveraging 18+ years of experience, eMerchant account managers are available to answer your questions and provide you with tools and education to ensure you stay PCI compliant. Contact us today for assistance!

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements designed to ensure that ALL companies who process, store or transmit credit card information maintain a secure environment for customer data. This essentially applies to any merchant that has a Merchant ID (MID). The Payment Card Industry Security Standards Council (PCI-SSC) is an independent body created by the major credit card brands (Visa, MasterCard, American Express, Discover and JCB), and was launched on September 7, 2006 to manage the ongoing evolution of Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. The PCI-DSS is administered and managed by the PCI-SSC (www.pcisecuritystandards.org). It is important to note that the individual payment brands and acquirers are responsible for enforcing compliance, not the PCI council. A copy of the PCI-DSS is available here.

To whom does PCI apply?

PCI applies to ANY organization or merchant – regardless of their size or number of transactions – that accepts, transmits or stores any cardholder data. To put it another way: if any customer of that organization or merchant ever pays them directly using a credit or debit card, then the PCI-DSS requirements apply.

Where can I find the PCI-DSS?

The current PCI-DSS documents can be found on the PCI Security Standards Council Website.

What are the PCI compliance “levels” and how are they determined?

All merchants will fall into one of four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid cards) from a merchant Doing Business As (DBA). In cases where a merchant corporation has more than one DBA, Visa acquirers must consider the aggregate volume of transactions stored, processed or transmitted by the corporate entity to determine the validation level. If data is not aggregated – i.e. the corporate entity does not store, process or transmit cardholder data on behalf of multiple DBAs – acquirers will continue to consider the DBA’s individual transaction volume to determine the validation level.

The merchant levels as defined by Visa are:

Merchant Level Description
1 A.) Any merchant — regardless of acceptance channel — processing over 6 million Visa transactions per year.

B.) Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

2 Any merchant — regardless of acceptance channel — processing 1 million to 6 million Visa transactions per year.
3 Any merchant processing 20,000 to 1 million Visa e-commerce transactions per year.
4 Any merchant processing less than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1 million Visa transactions per year.

 

If I only accept credit cards over the phone, does PCI still apply to me?

Yes. All business that store, process or transmit payment cardholder data must be PCI Compliant, regardless of how they acquire that data.

Do organizations using third-party processors have to be PCI Compliant?

Yes. Merely using a third-party company does not exclude a company from PCI Compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore PCI.

My business has multiple locations, is each location required to validate PCI Compliance?

If your business locations process transactions under the same Tax ID, then typically you are only required to validate once annually for all locations. You must also submit quarterly passing network scans by an PCI-SSC Approved Scanning Vendor (ASV), if applicable.

What is defined as “cardholder data”?

The PCI-SSC defines “cardholder data” as the full Primary Account Number (PAN) or the full PAN along with any of the following elements:

  • Cardholder name
  • Expiration date
  • Service code

Sensitive Authentication Data (SAN), which must also be protected, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more.

What are the penalties for non-compliance?

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI Compliance violations. The banks will most likely pass this fine along until it eventually hits the merchant. Furthermore, the bank will most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.

It is important to be familiar with your merchant account agreement, which should outline your exposure to violations.

It is YOUR responsibility, as a merchant accepting credit and debit card payments, to safeguard customer card data by becoming PCI compliant.

Payment Processing:

  • eCommerce Business
  • Nonprofits
  • Service Businesses
  • Wholesale / B2B
  • Retail Stores
  • Mobile Merchant

Having a direct Merchant account to accept Credit Cards provides many advantages

Increased Sales

by providing more payment choices

Enhanced Perception

All large successful sites accept credit cards directly

Increased Cash Flow

by getting your money into your home back account quicker

The eMerchant “Advantage”

Multiple Banking Partners – We provide the right fit for your growing business which includes best rates, most generous processing limits, quickest funding and most liberal approvals.

Multiple Gateway Choices – Plugging into any shopping cart is never a problem for eMerchant.

Multiple Hardware Options – Find the right terminal or Wireless Device with our knowledgeable staff

Old Fashioned, “Customer Comes First” attitude! Contact us today to speak with one of our credit card processing experts.

Get Started Today

Give us a call at 866-979-0260 or click the button below.

CLICK HERE TO GET MORE INFORMATION

Services:

  • Payment Gateways
  • Merchant Accounts
  • POS Retail Terminals
  • Virtual Terminals
  • eCommerce Platform
  • Business Loans

About Us:

  • Message from the CEO
  • Job Opportunities
  • Contact Us
  • Sitemap

Websites:

  • eMerchant.com
  • eMerchantAssociation.com

Subscribe to Newsletter:

emerchant_header_1

Aliso Viejo Office:
27422 Aliso Creek Rd, Suite 200
Aliso Viejo, CA 92656
(866) 979-0260

Email:

  • talk@emerchant.com
  • support@emerchant.com

About:

As a premier eCommerce Merchant Services Provider, eMerchant has been specializing in eCommerce Payment Solutions since 2002.

© 2023 copyright eMerchant Inc.  Terms | Privacy Policy

eMerchant is a registered ISO/MSP with Fifth Third Bank, 38 Fountain Square Plaza, Cincinnati, OH 45263.