Payment Card Industry Compliance

In response to the overwhelming occurrences of cardholder fraud and identity theft, the Payment Card Industry (PCI) Data Security Standard (DSS) was created by major credit card companies to safeguard customer information. Visa, MasterCard, American Express, and other credit card associations mandate that merchants and service providers meet certain minimum standards of security when they store, process and transmit cardholder data.

Payment Card Industry Data Security Standards (PCI DSS)

Detailed requirements for PCI DSS can be found by clicking the following link:
https://www.pcisecuritystandards.org/

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

e-onlinedata, in partnership with ControlScan, will continue to educate its merchants on the basics of data security and the mandatory industry requirements set forth by the Payment Card Industry Data Security Standards Council.

As an e-onlinedata merchant, ControlScan will provide you with the following:

  • Access to ControlScan's Sentry PCI Portal

    • Most user-friendly PCI solution in the industry
    • Internet-based, non-intrusive detection, network vulnerability scans
    • Vulnerability scanning and identification (15,000+ threats) for 1 IP address
    • PCI self-assessment questionnaire
    • Real-time snapshots of self assessment, scanning results and overall compliance progress/status
    • Proof-of-Compliance auto submission capability to merchant bank
    • Objectively mimics the outside-looking-in view of attackers
    • Quarterly scan due date reminders
    • FAQs and knowledge library


  • Support for achieving PCI compliance certification

    • Understanding PCI DSS
    • Self assessment questionnaire completion guidance
    • Technical support tools for vulnerability remediation and resolution guidance


  • Support for maintaining PCI compliance certification

    • Ongoing weekly vulnerability scanning
    • On-demand vulnerability scanning


To get started call 1-800-625-2586 to talk to a ControlScan PCI Specialist or visit: https://www.pcigateway.com/merchantpci

| LEVEL | DESCRIPTION | REQUIREMENTS | DUE DATE |
|---|---|---|---|
| 1 | Over 6 million transactions/year | Annual On-site PCI Data Security Assessment; Quarterly Network Scan by a third party Approved Scanning Vendor | September 30, 2004. New level 1 merchants have up to one year from identification to validate |
| 2 | 1 million to 6 million transactions/year | Annual PCI Self Assessment Questionnaire; Quarterly Network Scan by a third party Approved Scanning Vendor | New level 2 merchants: September 30, 2007 |
| 3 | 20,000 to 1 million transactions/year | Annual PCI Self Assessment Questionnaire; Quarterly Network Scan by a third party Approved Scanning Vendor | June 30, 2005 |
| 4 | Under 20,000 transactions/year | Annual PCI Self Assessment Questionnaire; Quarterly Network Scan by a third party Approved Scanning Vendor | Validation requirements and dates are determined by the merchant's acquirer |

To learn more visit:

http://usa.visa.com/merchants/risk_management/cisp_merchants.html?it=l2|/merchants/risk_management/cisp.html|Merchants

Merchant Services - PCI FAQs

What is the process to use ControlScan's Sentry PCI for certification?

To get started call 1-800-625-2586 to talk to a ControlScan PCI Specialist or visit:
https://www.pcigateway.com/merchantpci

The easy to use Sentry PCI service includes:

  • Automated Self-Assessment Questionnaire
  • Scheduled and Automated Vulnerability Scans
  • Easy-to-use patches for vulnerabilities found
  • Advanced false positive management
  • Streamlined auto-submission reporting to your merchant bank

Why is the Payment Card Industry (PCI) important?

As your merchant bank, Visa, MasterCard, AMEX and Discover require us to inform you about the required data security practices for merchants who process credit cards. The data security standards are set forth by the Payment Card Industry (PCI) and must be adhered to in order to protect your customers' financial and personal data. The consequences of non-compliance include costly security breaches and substantial fines.

What is PCI?

The Payment Card Industry (PCI) Data Security Standards are association (VISA/MasterCard/AMEX) and industry mandated requirements for members, merchants, and service providers that store, process or transmit cardholder data. Merchants are responsible for the security of their cardholder data and must be compliant with standards that greatly reduce the opportunity for data to be compromised. To demonstrate compliance with the PCI Data Security Standard, merchants and service providers are required to conduct network security scans on a regular basis as defined by the PCI Security Standards Council. Additionally, merchants are required to complete an annual self-assessment questionnaire concerning their internal security measures.

Network Security Scans are an indispensable tool to be used in conjunction with a vulnerability management program. Scans help identify vulnerabilities and misconfigurations of web sites and IT infrastructures containing externally facing IP addresses. Vulnerabilities can be defined as certain weaknesses in areas of your website/server where hackers can gain access to your customers' financial and personal data.

The results of these security scans provide valuable information that supports efficient patch management, and other security measures, that improve protection against Internet hacking.

Your company's website can now be scanned and become PCI Compliant by using ControlScan's Sentry PCI. EOD has selected ControlScan as our Approved Scanning Vendor (ASV) to assist EOD merchants in becoming PCI Compliant.

Who has to comply with the Payment Card Industry Standards?

Network Security Scans apply to all merchants and service providers with external-facing IP addresses that store, process or transmit credit card data. Even if an entity does not offer web-based transactions, there are other services that make systems Internet accessible. Basic functions such as email and employee Internet access will result in the Internet-accessibility of a company's network. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems and can potentially expose cardholder data if not properly controlled.

What is an Approved Scanning Vendor?

All PCI scans must be conducted by a third party compliant network security scanning vendor, selected from the list of approved vendors at https://www.pcisecuritystandards.org/. We have selected ControlScan as EOD's Approved Scanning Vendor. All compliant scanning vendors are required to conduct scans in accordance with a defined set of procedures. These procedures dictate that the normal operation of the customer environment is not to be impacted and that the vendor should never penetrate or alter the customer environment.

What are the certification levels and what do they mean?

A merchant's compliance classification level is determined by annual transaction volume.

Information about merchant levels and service provider levels can be found at
https://www.pcisecuritystandards.org/.

How will ControlScan's Sentry PCI help me to get certified?

ControlScan is certified as a PCI security scanning vendor and helps merchants and their consultants achieve compliance with the PCI Data Security Standard. ControlScan makes it easy for merchants to comply with PCI requirements. ControlScan's Sentry PCI is an on demand compliance testing and reporting service. Using ControlScan's Sentry PCI, merchants can run PCI compliance scans, complete PCI self assessment questionnaires and submit compliance reports directly to merchant banks. ControlScan's on demand delivery model makes Sentry PCI available anytime from any browser, without software to install or maintain.

Is this a one-time requirement?

No, the card associations require merchants to be in compliance at all times. The requirement is comprised of two basic steps: the completion of an annual self-assessment questionnaire and quarterly network vulnerability scans that meet compliance standards. ControlScan's compliance program provides simple-to-use tools for merchants that include quarterly vulnerability scanning, annual self-assessment, and proof-of-compliance auto submission.

What report am I required to send to my merchant bank?

The PCI Executive Report must be submitted to your merchant bank. To meet PCI compliance, the PCI Executive Report must indicate an overall PCI compliance status of "Passed". This status is reported only when the required vulnerabilities are fixed and validated by a PCI scan.

Log in to: http://www.pcigateway.com/merchantpci

Can I submit reports directly to my merchant bank?

A terrific advantage of working with ControlScan's PCI service is that banks are able to sign up to use Sentry PCI, enabling them to view submitted PCI compliance documents and track PCI compliance status for their merchants through the Sentry PCI application.

Where do I find out more information about PCI?

More information about PCI can be found at the following sites:

https://www.pcisecuritystandards.org/

https://sdp.mastercardintl.com/

http://www.mastercardsecurity.com

http://corporate.visa.com/st/programs.jsp

e-onlinedata is a registered ISO/MSP of HSBC Bank USA, National Association, Buffalo, NY
©2006 All Rights Reserved.

