PCI: What It Is

If your business accepts or processes payment cards, it must comply with PCI DSS (Payment Card Industry Data Security Standards). All businesses and merchants that store, process and/or transmit cardholder information are required to be PCI Compliant.

The PCI DSS was created in collaboration with the different payment card brands: American Express, Discover, JCB, MasterCard and Visa. The requirements are designed to reduce payment card compromises and data theft by helping you secure your customer’s sensitive information and reduce your vulnerability to attacks.

By being PCI Compliant, a merchant can rest assured knowing that they have taken the steps to protect themselves from fraud and, in turn, not be liable for a security breach. Furthermore, customers feel more secure when they see a PCI Compliant logo on a website. This can increase revenue and ensure customer satisfaction.

Penalties for Non-compliance

Merchants may be fined up to $500,000 per incident if they are not PCI Compliant at the time of a security breach.

Consequences for affected organizations may include:

  • Regulatory notification requirements
  • Loss of reputation
  • Loss of customers
  • Potential financial liabilities (for example, regulatory and other fees and fines)
  • Litigation

Become Compliant

As a merchant who stores, process, or transmits payment card data, you are required to be PCI DSS Compliant by the card brands and National Merchants Association. As part of your membership package with National Merchants Association, we help you become PCI Certified. One of our experts will help your business become certified immediately upon receipt of your terminal or virtual gateway. We will walk you through these two easy steps to PCI DSS Compliance:

1) An annual Self-Assessment Questionnaire (SAQ) to determine if you are taking proper precautions to protect your payment card data, similar to an insurance questionnaire, done via internet by visiting the website below.

  • If you do not have access to the internet, one of our experts will provide you with a copy of your SAQ to sign and submit for PCI Compliance.
  • No scan needed for Dial-up or if you fall under the category of CV-T.

2) Quarterly security scans if your systems are connected to the Internet. The scans look for weaknesses that an attacker might use to access your systems. A PCI-Certified Approved Scanning Vendor (ASV), such as NMA’s partner, 403 Labs, must conduct these scans.

Most providers charge a monthly and/or annual fee for PCI Compliance. This can range anywhere from $30-$60 a month up to $2500 per year. PCI scans may run up to thousands of dollars depending on the size of the business.

National Merchants Association is pleased to offer our PCI Compliance program for a low monthly fee of $7.95 (Card-present) or $9.95 (Card-not-present), an incredible value.