Payment Card Industry Data Security Standards

 

Protect Your Cardholder Data.

Frequently Asked Questions

Are all Merchants and Service Providers required to comply with the PCI DSS?
Yes. All entities (merchants or service providers) that store, process, or transmit cardholder data must comply with the PCI DSS. The requirements apply to all acceptance channels including retail (brick-and-mortar), mail/telephone order (MOTO) and eCommerce. Validation requirements vary depending on the number of transactions an entity processes.

Is this a one-time requirement?
No. PCI DSS compliance is an ongoing process. Validation actions vary depending on the actual number of transactions you process. However, the credit card associations require all merchants to comply with PCI DSS at all times. There are two main components of validation for level 2 and 3 merchants:

  • Completing the PCI Self-Assessment Compliance Questionnaire annually. (Click link or see documents for the PDF)
  • Undergoing Vulnerability Scans performed by an Approved Scanning Vendor quarterly. (See documents for PDF)

What is the PCI Self-Assessment Questionnaire?
The PCI Self-Assessment Questionnaire is a list of questions used to assess your compliance with the requirements of the PCI DSS. The questionnaire includes questions about your policies, procedures, administrative controls, access controls and physical security measures as they pertain to those systems that store, process or transmit cardholder data.

What is a Vulnerability Scan?
A vulnerability scan is an automated scan that assesses your network from the Internet to see if you have any vulnerabilities or gaps that may allow an unauthorized or malicious user to gain access to your network and potentially compromise cardholder data.

Is there a deadline to be compliant?
Yes. However, these deadlines depend on your merchant level. Your merchant level is determined by the number and type of payment card transactions you process in a year.

What if my business does not go through this compliance procedure?
If you do not comply with the security requirements of the card associations, you put your organization at risk of payment card compromise. PinnaclePay Merchant Services and Chase Paymentech may also pass fines levied by the card associations for non-compliance on to you.

Can our internal staff validate our compliance?
The card associations require that you use an Approved Scanning Vendor to perform the quarterly vulnerability scans. However, your internal staff can complete the Annual PCI Self-Assessment questionnaire.

How long will this take?
The length of the process varies. Once non-compliance issues have been identified, the length of time it takes an organization to implement solutions to resolve the issues will affect the length of the PCI DSS compliance process. The length of time also varies depending on the resolution and the complexity of the environment.

 

                                                                                                                                                                                                                                 


Copyright 2005 PinnaclePay Merchant Services Inc.  sales@pinnaclepay.com
