PCI Compliance
Q: What is PCI?

A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, it applies to any merchant that has a Merchant ID (MID).
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.
Q: To whom does PCI apply?

A: PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.
Q: What is defined as "cardholder data"?

A: Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.
Q: What is the definition of "merchant"?

A: For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services. Note that a merchant that accepts payment cards as payment for goods and/or services can also be a service provider, if the services sold result in storing, processing, or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant that accepts payment cards for monthly billing, but it is also a service provider if it hosts merchants as customers.
Q: What constitutes a payment application?

A: The term "payment application" has a very broad meaning in PCI. A payment application is anything that stores, processes, or transmits card data electronically. This means that anything from a Point of Sale system (e.g., VeriFone swipe terminals, ALOHA terminals, etc.) in a restaurant to a website e-commerce shopping cart (e.g., CreLoaded, osCommerce, etc.) is classified as a payment application. Therefore, any piece of software that has been designed to touch credit card data is considered a payment application.
Q: What are the penalties for noncompliance?

A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine downstream until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase your transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business. It is important to be familiar with your merchant account agreement, which should outline your exposure.
Please feel free to give us a call today and learn more about this exciting opportunity!