The FYI on PCI
May 3rd, 2021
Our top priority is protecting your business and your customers’ data, and it’s a job we don’t take lightly. Ascent’s payment processing solutions are designed with security in mind so that your funds are secure through the entire funding process. Data breaches are becoming increasingly common, so merchants need to learn to protect themselves. Hackers also target service providers, such as software-as-a-service (SaaS) companies, looking for a way to test and process stolen card data. Software vulnerabilities can be expensive and dangerous for a merchant’s security and reputation.
So how can you tell if your software partner is secure and PCI compliant?
Companies that sell software, point of sale (POS), or other technical solutions that process credit or debit cards on behalf of their customer base are considered service providers.
Service providers that store, transmit, or process more than 300,000 transactions annually across the business’s software are considered Level 1 by the PCI DSS. These providers must be validated onsite by a Qualified Security Assessor (QSA) and demonstrate compliance via a Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC). They are also responsible for passing a quarterly network scan by a third party and must complete the Attestation of Compliance form.
Level 2 service providers (300,000 transactions or fewer annually) do not need to be validated onsite by a QSA, but are required to provide an annual self-assessment using SAQ-D and should complete the remaining points to show compliance.
Ascent strongly recommends that ALL software providers, regardless of level, certify their PCI compliance via annual third-party audits and quarterly network scans, so that any potential vulnerabilities are found and addressed quickly. We have communicated these recommendations to our software partners.
For merchants, PCI certification will save you money monthly and could save your reputation by helping you avoid a breach. Most merchants in our industry are Level 4 (those who process fewer than 20,000 transactions per year), which streamlines the requirements for meeting PCI specifications.
The official PCI DSS website has several helpful resources to assist businesses with questions regarding compliance.
Do I need to be PCI compliant?
PCI DSS, the Payment Card Industry Data Security Standard, is an information security standard for organizations that handle branded credit cards. The standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.
No matter the size of your business, you must comply with PCI standards. They are in place to ensure that every company maintains a secure environment for accepting credit card transactions, reducing the risk of fraud. We are here to help you become PCI compliant within 30 days of signing up with us (at no cost to you). We believe it is our job to ensure your business is as secure as possible.
What is the PCI DSS Self-Assessment Questionnaire?
This questionnaire is used to assess a merchant’s card acceptance and processing environment. It includes questions that gauge your risk level and your compliance with card association requirements for cardholder data policies, procedures, administrative controls, access controls, and physical security measures. We have in-house experts to assist you with completing it.
What happens if I am not PCI DSS Compliant?
If you are non-compliant, you are subject to additional fees each month and potentially to fines from the card associations. If your security is compromised because of your non-compliance, you risk financial loss, additional fines, loss of business, damage to your company’s reputation, and loss of critical systems.
Can Ascent help with your PCI certification?
Yes. We take data security very seriously and are happy to help you save money by assisting you with completing your PCI certification.
Ascent also has resources to guide you through the PCI compliance certification process; contact us at email@example.com to set up an appointment, or give us a call at 888-721-9301.