Payment Card Industry Data Security Standards (PCI DSS) FAQs

  • No. As a valued merchant customer, you are automatically registered in the PCI DSS Program with our third-party PCI compliance administrator, Security Metrics®. You still need to become PCI DSS compliant. You can open an account with SecurityMetrics, and complete compliance requirements online.

  • Not necessarily. Other processors may mandate compliance, charge a high fee and provide little or no support. Some may even require you to seek compliance on your own. It‘s important to work with a processor that provides a source to ensure you meet all PCI DSS requirements to help protect you and your customers’ data.

  • The cost for all of the PCI DSS Program benefits is only $90 per account, per year, regardless of the size of your business. Most credit card processors are charging much more for little or no additional protection.

  • Contact SecurityMetrics to update your annual compliance certificate prior to your anniversary expiration date. SecurityMetrics will send you reminders prior to expiration.

  • PCI DSS stands for Payment Card Industry Data Security Standards (PCI DSS). PCI DSS is a set of rules established by the PCI Security Standards Council and enforced by the credit card associations (Visa®, Mastercard®, Discover®, etc.) to help avoid breaches and protect consumers from compromises of personal data and credit card numbers.

  • It is a requirement of the credit card associations (Visa, Mastercard, Discover, etc.) of all processors and businesses that accept credit cards. It is an effort to protect you and your customers’ sensitive data.

  • Data breaches are costing credit card associations billions of dollars a year, which affects your rates. Credit card association and regulatory fines are costly. PCI compliance is a continuous process requiring diligent attention.

  • If a breach is suspected, the card associations may require an independent PCI DSS certified forensics security examiner to inspect merchant business security practices. This examination is performed at your expense and may take several days or weeks.

  • Security policies are thoroughly reviewed and evaluated. Phone lines, computers, modems, routers, servers, workstations, firewalls, software and virus protection are thoroughly inspected. Network service and IP connections are manually tested for security weaknesses.

  • Absolutely. If you'd like to talk to someone, please call 1-800-437-0712 and choose Option 8. A SecurityMetrics representative will guide you on the steps you need to take to become PCI DSS compliant.

  • Millions of electronic credit card records are stolen every year and nearly all data losses are the result of hackers finding and exploiting relatively well-known and understood weaknesses (vulnerabilities) in websites, servers or networks. Breaches can also be the result of human error, e.g., lost laptops, inadvertent posting of data online, misplaced data, etc.

  • No. In fact, hackers and thieves know larger business typically have more resources to spend on data security systems, so they are more likely to target smaller merchants.

  • Yes, the credit card associations require processing companies and their customers to be PCI DSS compliant.

  • You will still be automatically registered and billed once a year. Even if you are compliant with another vendor, you need to be compliant with SecurityMetrics to avoid a monthly noncompliance fee. As a result, you may choose to cancel services with your other PCI provider.

  • Online questionnaires are no longer acceptable. For your protection, we require that a Qualified Security Assessor (QSA) verify your compliance with PCI DSS standards and certify that you have performed the appropriate self-assessment questionnaire. SecurityMetrics provides you with a source to do so.

This website uses first party and third party cookies to improve your experience and anonymously track site visits. By visiting this website, you opt-in to the use of cookies. OK