FAQ with USMSa Merchant Services Provider

Who administers PCI Compliance?

The Payment Card Industry (PCI) Data Security Standard (DSS) spells out details on security requirements for merchants and service providers that store, process or transmit cardholder data. Even USMS needs to abide by strict guidelines and scans to ensure PCI Compliance. The PCI DSS began as the 5 major credit card companies joined to become a neutral body to address security standards. Today every Credit Card Processer and Merchant is required to be compliant, and annual checks are part of this compliance. Merchants are responsible for taking an annual SAQ (Self Assessment Questionnaire) which is provided by USMS on our easy to use PCI compliance website.

Is PCI Compliance required for every company?

It is a common misconception that merchants accepting a very small amount of cards do not need to be PCI compliant. This is false. PCI applies to every company that stores, processes, or transmits cardholder data. This includes both e-commerce merchants and those that use a POS Terminal. The pass mark for PCI is 100%, so if you fail even one of the criteria, you are not in compliance with PCI. Merchants are responsible for making sure they are compliant. Waiting to be notified could result in very costly fines. The average cost to a small business after breach is estimated at $38,000.

How do I know what merchant level my company is?

There are 4 levels of PCI compliance that all merchants will fall under. Determining the level for each depends on the amount of transactions, volume, and how those payments are being processed. Taking the PCI SAQ (Self Assessment Questionnaire) will help indicate which level your business falls under. The four levels break down like this:

• Level 1: Greater than 6 million credit card transactions per year or ANY business that has succumbed to a data breach or any business deemed Level 1 by card associations.
• Level 2: Any merchant processes more than 1 million transactions regardless of channel.
• Level 3: Any merchant who processes more than 20,000 on line transactions per year.
• Level 4: Less than 20,000 e-commerce transactions or 1 million total transactions per year

What steps do I need to take to make sure our company is compliant?

A self-assessment questionnaire (SAQ) must be completed on an annual basis for every merchant accepting credit cards. This SAQ was redesigned so that it is more merchant friendly and asking questions that are more relevant to what merchants actually do. The SAQ is made up of four parts, and depending on which part matches your business the best determines the number of questions you will need to answer, and whether or not vulnerability scans are required. For some merchants, quarterly scans are required, so it is very important you answer your questions accurately.

What does USMS provide?

Because these SAQ tasks can be daunting and ordinarily take several hours to complete, USMS has created a dedicated website where each merchant can create a unique login where all of their PCI SAQ data will be housed. Merchants can access this data at anytime, and the web site was designed to simplify the process to an activity requiring only a few minutes. USMS also offers merchants a $50,000 breach insurance plan for free, with no deductible! This helps protect merchants who are PCI compliant from costly breaches, since being compliant does don’t guarantee immunity from a security breach. 86% of security breaches are from merchants who are considered “small”. USMS will also remind you annually when the PCI SAQ is due, to ensure you are never at risk of not being compliant.

Visit: https://www.usms.com/index.cfm/id/57/lang/english/understandingpcicompliance
For more information on how USMS can help your business be PCI compliant.

Answers provided by USMS Merchant Services