CREDIT CARD FRAUD, SECURITY AND PCI COMPLIANCE

Credit card and check fraud costs consumers, merchants and financial institutions $51 billion a year.* If you are already accepting credit cards, or plan to, you are probably well aware of all the advantages accepting credit cards provides for you, by building your business and giving your customers more payment options. The security of cardholder information is important to both your customers and your business.

The Payment Card Industry Data Security Standard (PCI DSS) was created by the five major credit card companies as a guideline to help business owners implement the necessary hardware, software and other procedures to guard sensitive credit card and personal information. PCI DSS is a set of requirements for enhancing payment account data security. PCI compliance means that your business is exhibiting the best practices to prevent cardholder information or data security breaches.

One of the most significant PCI DSS requirements is that merchants may not store magnetic-stripe data after an authorization is obtained on a credit card. So magnetic-stripe data must be purged from your records, and from any system you use, after authorization. Generally, stand-alone dial-up terminals that communicate directly with networks do not store prohibited magnetic-stripe data after authorization. However, if you use payment processing software or have a third-party provider transmit cardholder data, you need to find out about your responsibilities.

The minimum requirement to become PCI compliant is to complete a Payment Card Industry Data Security Standard Self-Assessment Questionnaire (SAQ) on an annual basis and achieve a passing score. If you electronically store cardholder information or if your processing systems have any Internet connectivity, a quarterly scan by an approved scanning vendor is also required.

The length that a PCI compliance certificate is valid depends on whether your business requires a questionnaire and, where applicable, a scan. If your business requires only the questionnaire, the PCI certification is valid for one year. If your business also requires quarterly scans, the PCI certification is valid for three months, at which time your next quarterly scan will be due.

If your business fails to comply with PCI DSS, you should know that you risk substantial fines-and even risk losing your ability to process credit card payments. Elite Merchant Solutions has partnered with a certified company to ensure your business is PCI compliant and help you evaluate the status of your account, to assist with any necessary remediation efforts and to certify your account's PCI compliance..

For more information on credit card acceptance and PCI compliance, please call your sales representative with any questions or concerns.