Merchant Compliance Information for Business Owners

The latest credit card security regulations charge a new set of annual fees to credit card holders in order to prevent credit card fraud. These fees are reasonable and should not draw complaints from credit card holders, since the benefits they provide will exceed the amount to be paid.

Common terms associated with Merchant Compliance include the acronyms PCI and DSS. PCI stands for Payment Card Industry, while DSS stands for Data Security Standard.

PCI DSS is the set of requirements designed to guarantee that all companies that process, store and transmit credit card information maintain a secure environment.

PCI DSS is the result of the security standards created by the Payment Card Industry Security Standards Council, or PCI SSC, which was launched on September 7, 2007. It is an independent body created by major payment card brands such as American Express, JCB, Discover, Visa, and MasterCard for the purpose of improving the security of payments and transactions.

This payment verification applies to all organizations and merchants, regardless of size, as long as they accept, transmit, and store cardholder data. Therefore, anyone who accepts payment through a credit card or debit card transaction should automatically become PCI DSS certified.


A merchant is any entity that accepts payment cards from any of the five members of PCI SSC, namely Discover, JCB, American Express, Visa or MasterCard, for its goods and services. Anyone who stores, processes or transmits cardholder data through these five major companies automatically qualifies as a merchant and should become merchant compliant.

Cardholder Data

This is the identifiable data of the owner which is associated with his or her account. It can refer to the account number, name, address, expiration date of the card, social security number and other pertinent data relevant to the credit card or debit card. Most of the time, this is also the information which hackers illegally acquire while payment transactions are transmitted.

The Merchant Compliance Protection Service

There are two ways of processing an authorized credit card sale: use a credit card terminal through an integrated POS in the cash register, as most stores do, or check the information through the internet. Whichever manner of processing you choose, it will still require the transmission of relevant information through dial-up terminals or a high-speed internet connection. The problem lies in how this data is transmitted. Hackers have stolen millions of credit card numbers and used them to their advantage, leaving credit card holders in a daze as to who unscrupulously used theirs. Hence the need for increased security measures when performing business transactions through credit card accounts.

A Network Security Scan is one method of guaranteeing the prevention of fraudulent credit card transactions. It is done with an automated tool which checks the systems used by the merchant or service provider for vulnerabilities. The tool conducts a non-intrusive scan of Web applications and remotely reviews networks through the external-facing Internet Protocol (IP) addresses which the service provider or merchant provides. This is a must for all merchants who use external IP addresses in the completion of any credit card transaction.

For the purpose of compliance, a network security scan should be performed every 90 days, or once per quarter; otherwise you will not pass the Merchant Compliance Requirements.

Can merchant compliance fees be avoided?

It is not wise to cancel your merchant account simply because it requires you to pay an additional merchant compliance fee, since sooner or later all trusted credit card processing companies and banks will start charging the same. Moreover, this additional security feature is designed to give you more peace of mind when paying your bills or shopping expenses through credit cards.

The Process of Becoming Merchant Compliant

First and foremost, you will be classified into one of four merchant level types. This depends on the volume of business transactions you have processed over the entire year. Each credit card processing company, like VISA, American Express, JCB, MasterCard and Discover, has its own definition for each type of merchant level. After identifying your validation type as fully defined and categorized by PCI DSS, you will be required to complete a Self Assessment Questionnaire in accordance with the Instructions and Guidelines provided in the form. The information which you have stated will then be scanned by a PCI SSC Approved Scanning Vendor (ASV), only if you are a Type 4 or Type 5, as well as for merchants who have external-facing IP addresses.

The next step is the relevant Attestation of Compliance, which is to be submitted as proof that you have passed the scan. After that, you will be declared Merchant Compliant by PCI DSS.

Penalties for Non-Compliance

As mentioned earlier, every business or company that conducts transactions with debit cards or credit cards must be Merchant Compliant; otherwise the company may need to pay a fine of $5,000 to $10,000 per month due to PCI compliance violations. Even worse, banks may terminate your account with them or increase transaction fees, since your payment transactions are not guaranteed.

The above-mentioned consequences of non-compliance are just a few of the negative impacts your business may bear. Clients may also lose their trust and confidence in your company after realizing that you have not passed the requirements of PCI DSS.


Merchant compliance is a must in the present generation, where almost all transactions are done through credit cards and debit cards. It is the product of the five major credit card processing companies, which have suffered much because of several credit card frauds in the past. There is no sufficient reason why anyone would complain about the additional fees which must be paid in order to have additional security in their payment transactions. It is to the advantage of everyone, especially credit card holders, because it guarantees that no unwanted and unscrupulous transactions ever take place with their credit card accounts.