
PCI Compliance

What is PCI?

The term "PCI compliance" comes from the Payment Card Industry Data Security Standard, a set of requirements designed to prevent or minimize cardholder data breaches for businesses. These standards range from data encryption to data retention, and apply to all businesses that process, store, or transmit credit card information. These requirements are intended to ensure that any merchant with a Merchant ID (MID) maintains a secure environment.

The general requirements for PCI DSS, as stated on the PCI security standards website are as follows:

Build and Maintain a Secure Network
  Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  Requirement 3: Protect stored cardholder data
  Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  Requirement 5: Use and regularly update anti-virus software
  Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  Requirement 7: Restrict access to cardholder data by business need-to-know
  Requirement 8: Assign a unique ID to each person with computer access
  Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  Requirement 10: Track and monitor all access to network resources and cardholder data
  Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
  Requirement 12: Maintain a policy that addresses information security

These requirements may seem daunting, but it boils down to making sure your customers' credit card data doesn't get into the wrong hands. Most payment terminals available today are PCI compliant by design, so if you are unsure of your POS Software's PCI compliance, a payment terminal is a smart addition. If you would like to verify your POS Software's PCI Compliance, the PCI Security Standards Council has a page listing PCI Compliant Software.

What are the PCI Compliance Deadlines?

Summarized below are the five payment application security mandates that have been, or will be, implemented.

Phase I (effective 1-1-08)
  Newly boarded merchants must not use known vulnerable payment applications, and VisaNet Processors (VNPs) and agents must not certify new payment applications to their platforms that are known vulnerable payment applications.
Phase II (effective 7-1-08)
  VNPs and agents must only certify new payment applications to their platforms that are Payment Application Best Practices (PABP)-compliant.
Phase III (effective 10-1-08)
  Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PABP-compliant applications.
Phase IV (effective 10-1-09)
  VNPs and agents must decertify all vulnerable payment applications.
Phase V (effective 7-1-10)
  Acquirers must ensure their merchants, VNPs and agents use only PABP-compliant applications.

Phase V Details (July 1, 2010)
Phase V mandates the use of payment applications that support PCI DSS compliance, requiring acquirers, merchants and agents to use only those payment applications that can be validated as PABP-compliant. It is important to note that the deadline for Phase V is aligned with the Triple Data Encryption Standard (TDES) usage mandate for all POS PIN-entry devices to be using TDES to protect PINs. Additionally, all attended POS PIN-entry devices must be evaluated by a Visa-recognized laboratory and approved by Visa prior to this same date.

For more information, downloadable PDFs and key dates, visit Visa's website.

What are the Penalties for Noncompliance?

If you are found in violation of PCI compliance requirements, you risk being fined anywhere from $5,000 to $100,000 per month. Payment brands will typically fine the acquiring bank, which will then pass the charge down the chain until it reaches the merchant. You also run the risk of losing your relationship with your bank, accruing higher transaction fees, or losing credit card acceptance privileges altogether. These penalties can be very detrimental to small businesses, so don't take a chance.

Let POSGuys.com help you set up a merchant account with our partners at Payment Processing Inc. and get PCI compliant today.

Why PPI?

Our partners at PPI are the industry leader for integrated payment solutions. When you are approved for a merchant account with PPI, you get a complete payment processing solution for the life of your account. This includes toll-free, in-house support, a 24/7/365 help desk, complete administrative support for all banking and transactional questions, customizable add-ons and more! You'll work with a dedicated team and be provided with all the software and middleware required to ensure that your account setup or transition is seamless. And there's no reason to change your current banking relationship, because PPI will deposit funds directly into your existing bank account!

PCI Compliant Processing Software/Hardware
As part of the combined efforts of POSGuys and PPI, these credit card processing terminals and processing software are available at a steep discount with any new PPI credit card processing account. The terminals follow the PCI standards to a T, so even if you're unsure of your POS software's compliance, these terminals will guarantee it.
PC Charge Software
PC Charge software can integrate with many POS software packages, allowing you to run credit transactions directly in the software. This software can process EBT, checks, credit, gift, and debit cards, and can connect via dial-up modem or broadband connection.
FREE with new PPI account!

First Data FD50
A fast, reliable, and secure method for processing transactions at your business. Includes both an Ethernet and Modem connection. For payment versatility, the FD50 supports processing for ATM, debit, EBT transactions and check payments.
Product dependent upon approval of merchant account via PPI

Verifone Nurit 5000S
Ideal for mobile payment solutions anywhere that running a phone or ethernet line is not an option. GSM/GPRS support as well as 802.11b allows the Nurit 5000S to securely post transactions wherever you get a signal.
Product dependent upon approval of merchant account via PPI

Mag-Tek Centurion
A secure method to capture and read credit card data. When programmed by your credit card processing company, the Centurion uses Triple DES encryption to send information to the processor. Even if the data is intercepted by a third party, they will not be able to do anything with it.
Future-proof card capturing technology!

PCI Compliant POS Software
POSGuys.com offers software that has been verified as PCI Compliant, ensuring that you can move ahead without fear of penalty fees. These software packages pass credit card data straight to the processor, without storing information, mitigating the risk of data theft.
Aldelo For Restaurants and EDC
Aldelo Restaurant POS Software uses their own processing software, known as EDC, to send credit card information on to the payment processor. Pro for Restaurants scales easily, growing with your restaurant and eliminating employees waiting for a free order station. EDC also provides the option to support encrypted card readers, further securing your customers' credit card data.
Proxis Store Manager 5
Store Manager 5, when combined with the integrated PPI PayMover software, gives your business PCI Compliance and an easy-to-use system. Ideal for retailers, Store Manager 5 can work as a standalone station or networked with other checkstands, giving you tremendous growth potential. Store Manager 5 doesn't store any credit card data and PayMover is compatible with encrypted card readers, so the risk of data theft is virtually eliminated.