©2005 National City Merchant Services®.
All rights reserved.
  
Payment Card Industry Data Security Standards (PCI DSS)

What are Payment Card Industry Data Security Standards?
Visa® and MasterCard® have mandated compliance standards to ensure cardholder data (e.g. cardholder name, account number, expiration date) is processed, transmitted, stored and/or retained in a secure manner. Under NO circumstances should card track data (cardholder data contained in the magnetic stripe) be stored.

Who must comply with these standards?
All merchants accepting credit and debit card transactions must comply with PCI DSS.

What do I need to do?
You may need to complete a Self-Assessment Questionnaire and perform a Quarterly Network Scan on your system to detect potential vulnerabilities. Contact a vendor that has been certified (called an Approved Scan Vendor or ASV) to perform network scans. A Qualified Security Assessor (QSA) can help you assess other risks, and comply with the PCI security audit procedures if applicable. Both may help you complete portions of the PCI self-assessment questionnaire to help you become compliant with the PCI DSS.

If you have not yet engaged an ASV, log on to www.ncmerchantservices.com/trustkeeper and enter code NC4WEB for preferred pricing offered by Trustwave®, a leading data security firm. Or call 888.878.7817.

What if I don’t comply?
You could face significant fines and be financially responsible for any transactions that may become compromised at your location or any other merchant location where the compromised card is used fraudulently.

Where can I get more information on PCI DSS and alternate vendors?