Rent Manager PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is the compliance organization that was created by Visa, MasterCard, American Express and Discover Card to join forces to battle card holder information theft through education and validation of security in every aspect of business. In your merchant agreement, note that the merchant is responsible for maintaining compliance standards per the card associations. Until now that was sufficient. Through the outbreak of cybercrime and cardholder theft, it has become the goal of the card associations through the PCI Security Council to help merchants validate that they are doing so. Please note that this is not avoidable, no matter who your merchant account is through. In fact, all new merchant accounts must prove compliant with the PCI DSS before they can be approved as of October 1st, 2008.
JetPay has been working on providing a PCI Compliance program that will help its merchants validate compliance as it is necessary to keep a merchant account active. Our compliance program includes the necessary Self Assessment Questionnaire that must be completed by each merchant. If you have any outgoing IP addresses in your network (web interface for payments) - then this also includes the scanning of one IP as to be fully compliant, you also need a quarterly scan done to your network to ensure information is secure in each step of a transaction's life.
The insurance portion has been included in the compliance program as we are finding more and more of our merchant banks are requiring that JetPay have PCI breach insurance on our accounts. This is to help protect you against a PCI data breach and the fines that can and have lead to the collapse of businesses. Forensic fines for investigating a breach of data can be devastating - thus our basic insurance provides $50,000 in coverage for each merchant account for any one incident or in any year.
As Required by the regulations passed down by the card associations through the PCI Security Council please follow the links below for more information:
. For any and all PCI information:PCI Standards
. For details about which Self Assessment Questionnaire you would qualify for: Self Assessment Instructions
. As an industry leader, Visa has the best general explanation of PCI DSS on the net: VISA PCI DSS Information
Please note you do not have to use our PCI Compliance plan. You may opt to research becoming PCI DSS compliant yourself by completing the SAQ, getting an ASV (approved scanning vendor) to scan your network and activate a PCI breach insurance policy. We have negotiated on the behalf of all of our merchants to put together a economical, effective way of addressing all these needs so merchants don't have to work this out individually. Several other merchant service providers are either charging much higher premiums (which typically do not include insurance) or just billing a 'Non-compliance' fee without any option to a program.