JetPay Merchant Services - PCI Information


PCI DSS (Payment Card Industry Data Security Standard) is the compliance organization that was created by Visa, MasterCard, American Express and Discover Card, which joined forces to battle cardholder information theft through education and validation of security in every aspect of our business.

In your merchant agreement, there is a note that the merchant is responsible for maintaining compliance standards per the card associations. Until now that was sufficient. With the outbreak of cybercrime and cardholder theft, it has become the goal of the card associations, through the PCI Security Council, to help merchants validate that they are doing so. Please note that this is not avoidable, no matter which provider holds your merchant account. In fact, all new merchant accounts must prove compliant with the PCI DSS before they can be approved - that was the latest change as of Visa's last mandate, which went into effect October 1st, 2008.

Effective now, merchants are required to be PCI compliant. All merchants are required to complete a Self-Assessment Questionnaire (SAQ). Additionally, for those merchants utilizing IP terminals and/or POS interfaces, vulnerability scanning must be performed by a Security Council-approved third-party vendor. The list of Approved Scanning Vendors (ASV) can be found here: Approved Scanning Vendor List


JetPay PCI Compliance Plan Info

JetPay Merchant Services has a PCI Compliance program that helps merchants validate compliance, as it is necessary to keep a merchant account active. Our compliance program includes the necessary Self-Assessment Questionnaire that must be completed by each merchant. If you have any outgoing IP addresses in your network (web interface for payments), the program also includes the scanning of one IP, because to be fully compliant you also need a quarterly scan of your network to ensure information is secure in each step of a transaction's life. The insurance portion has been included in the compliance program as we are finding that more and more of our merchant banks (we deal with several) are requiring that we have PCI breach insurance on our accounts. This is to help protect you against a PCI data breach and the fines that have ruined more than one business. Forensic fines for investigating a breach of data can be devastating - thus our basic insurance provides $50,000 in coverage for each merchant account for any one incident or in any year.

Please note you do not have to use our PCI Compliance plan. You may opt to research becoming PCI DSS compliant yourself by completing the SAQ, getting an ASV (approved scanning vendor) to scan your network and activating a PCI breach insurance policy. We have negotiated on behalf of all of our merchants to put together a cheap, effective way of addressing all these needs so merchants don't have to work this out individually. Several other merchant service providers are either charging much higher premiums (which typically do not include insurance) or just billing a 'Non-compliance' fee without offering any program as an option.