Frequently Asked Questions
That's easy. To get started, just click here to start your application.
a. Once completed application and supporting documents are received
a. For sales assistance, please call 800-848-9804
Last business day of the month
Feel free to call our support line at 800-848-9804
You can accept all major credit cards and debit cards: MasterCard, Visa, American Express, Discover, Diners Club.
Of course! We will send you a monthly statement - just like your bank.
9. If you have another question - submit it here
PCI Compliance: PCI DSS
Q: Does my business have to be PCI DSS compliant?
Yes. The Payment Card Industry Data Security Standard (PCI DSS) applies to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process, or transmit credit card/debit card data.
Q: Is this mandatory?
Yes. However, according to the PCI DSS documentation, "PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply."
Q: What is the PCI compliance deadline?
2010 for merchants
Q: What is the PCI DSS Visa CISP program?
For Visa, Inc., PCI DSS compliance includes following their Cardholder Information Security Program (CISP), along with the incorporated PCI DSS standards.
The CISP program includes compliance and validation requirements for the following entities:
Q: What is the MasterCard SDP program?
For MasterCard Inc., compliance and validation includes following its Site Data Protection (SDP) Program, along with the incorporated PCI DSS standards.
The SDP program includes compliance requirements for the following entities:
Merchants - All merchants must become PCI DSS compliant by completing the PCI Self Assessment, PCI Onsite Assessment and PCI Quarterly Network Scanning. While all merchants are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), merchants that store, process or transmit MasterCard account data may also be required to validate compliance with their acquirer.
Service Providers - Third Party Processors (TPP), Data Storage Entities (DSE). Any service providers that store, process or transmit MasterCard account data on behalf of the merchant must also be compliant.
Vendors - MasterCard provides a list of Approved Scanning Vendors (ASV), based on the testing requirements laid out in the PCI DSS standard for ASVs.
Acquirers - MasterCard works with acquirers to help merchants obtain SDP certification, as well as PCI DSS certification. The acquirer does not have to go through an SDP certification process, but the acquirer must manage the SDP process for their merchants. The acquirer must certify the merchants' compliance validation tools, as well as register the merchant with MasterCard.
Q: What are PCI Compliance Merchant Validation Levels?
For PCI DSS compliance, each card issuer has its own criteria for assigning a merchant level and a validation compliance classification level to a merchant, third party or service provider.
The merchant level is based on transaction volume for the organization. The validation compliance level is based on the merchant level, and includes the validation actions and who needs to carry out the validation actions, in order to be PCI DSS compliant.
For the majority of organizations, the standards set forth by Visa's CISP program and MasterCard's SDP program cover the qualifications for assigning both a merchant level and a compliance level, along with incorporating PCI DSS.
American Express and Discover, at this time, do not have a stringent program in place like Visa or MasterCard; however, both companies have a 'best practices' document, which coincides with the PCI DSS.
Q: What are the 12 requirements for building and maintaining a secure network?
In order to build and maintain a secure network, and to comply with the PCI DSS, system components, network components, and data elements related to authorization, data retention, data storage and data transmitting must be secure.
More PCI DSS and PCI Compliance info coming - keep checking back!