To help prevent cardholder fraud and identity theft, Visa, MasterCard, American Express and Discover require all merchants who accept credit and debit cards to be compliant with the Payment Card Industry Data Security Standard (PCI DSS).
NCMIC & Professional Solutions have created this site for our valued merchant customers to answer some of your questions regarding the PCI DSS and to help you with your compliance requirements.
What is the PCI Data Security Standard?
The standard is a collection of data security best practices and is mandated by all of the major credit card companies to ensure cardholder data (e.g. cardholder name, account number, expiration date) is processed, transmitted, stored and/or retained in a secure manner.
Who must comply with this standard?
All merchants accepting credit and debit card transactions must comply with the PCI standard.
What do I need to do to become PCI-compliant?
Depending on how you process card data, some portions of the standard may not apply to your business. Thus, you will need to determine the appropriate PCI validation process to follow, based on your processing practices. The end result will be a self-assessment questionnaire. You may also need to have your Internet-connected system(s) or web sites scanned on a quarterly basis.
How do I become compliant?
We've selected SecurityMetrics as our third-party provider of choice and negotiated special pricing on your behalf. They will help you determine which PCI validation path applies to your business and can then help you become PCI-compliant. They will also report your compliance status to NCMIC/Professional Solutions on a regular basis. You can contact SecurityMetrics at 1-800-437-0712, option 8, with any questions or start now by taking a questionnaire through SecurityMetrics – click here.
Are there other PCI-compliance vendors to choose from?
Yes; however, you or your vendor must notify NCMIC/Professional Solutions quarterly so that we can maintain an updated record of your PCI-compliance status. We recommend you work with SecurityMetrics because they report your status to us directly so you maintain continued PCI compliance.
How much will this cost?
It depends on how you process data. If you have Internet access or a website, transact business via the web or store cardholder information on-site, the annual cost through SecurityMetrics for testing a single Internet connection is $139.99 per year. In certain circumstances, you may only be required to complete the questionnaire to maintain your PCI-compliant status. The annual cost for this is only $24.95. For more information, call SecurityMetrics at 1-800-437-0712, option 8 or click here to enroll online.
What do I get for this cost?
With SecurityMetrics, you'll receive unlimited customer service and technical support for your PCI validation service regardless of your required level of compliance. Both pricing levels include the cost for completing the annual questionnaire. If you require a higher level of compliance, SecurityMetrics will also perform quarterly scans, which will identify if you are at risk for security breaches. In either case, SecurityMetrics will report your compliance status to NCMIC/Professional Solutions so that you remain PCI-compliant.
Professional Solutions Financial Services is a division of NCMIC Finance Corporation. Credit Card Processing offered by NCMIC Finance Corporation.