PCI Compliance
The security of cardholder information is important to both your customers and your business. Annual stolen card volume has grown 1075% since 2005, for an estimated 143 million stolen records in 2009.[1] Are you doing everything you can to protect your business and cardholder data?
What Is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) was created by the five major credit card companies as a guideline to help business owners implement the necessary hardware, software and other procedures to guard sensitive credit card and personal information.
One of the most significant PCI DSS requirements is that merchants may not store magnetic-stripe data after an authorization is obtained on a credit card. After authorization, magnetic-stripe data must be purged from your records and from any system you use.
Cardholder security is our first priority at First Data. Let us help you meet PCI compliance standards to protect your business.
How Can I Become PCI Compliant?—See Our Five Easy Steps
We created the Five Easy Steps guide to make it easy to complete PCI compliance using our Qualified Security Assessor (QSA), SecurityMetrics. In less than 30 minutes, you could be PCI compliant.
You are free to certify with any PCI vendor you like. The benefits of using SecurityMetrics are that you will receive a low or no-cost assessment and your certification is sent directly to us.
How Can I Protect Cardholder Data?—The First Data® TransArmor® Solution
You can reduce the scope and cost of PCI compliance by using a terminal equipped with the First Data TransArmor solution. The TransArmor solution uses encryption and tokenization so your systems never hold the actual card numbers from the transactions you process. The TransArmor solution is available on new terminals and many older terminals.
What Happens If I Don’t Become PCI Compliant?
If your business fails to comply with PCI DSS, you risk substantial fines—and even risk losing your ability to process credit card payments. In the event of a security breach, you also risk losing customers. Finally, you will be assessed a monthly fee on your card processing account. Become PCI compliant now to help avoid all these costs and risks!
If your business is compromised, you may be subject to fines of up to $500,000 per Association. In addition, you could incur fees, chargebacks and legal costs. In the event of a security breach, a merchant pays $204 per compromised record on average in fines and penalties.[2]
Perhaps more important, you risk the loss of customers if your business experiences a security breach. Research shows that 43% of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred.[3]
In addition, if you don’t provide PCI compliance certification, you will be assessed a monthly Non Receipt of PCI Validation fee on your card processing account.
What Does PCI Compliance Cost?
For those who use PCI Rapid Comply, the annual online SAQ certification and quarterly vulnerability scans, if needed, will continue to be included in the annual Compliance Service Fee. If you elect to use another vendor, such as SecurityMetrics, FDMS’ preferred PCI DSS security vendor, you will need to set up a separate billing relationship with that vendor and make payment directly to that vendor. Additionally, you will need to report your PCI compliance status to us.
Merchant Experiences: Costs of Card Data Theft
Did you know that a card data theft can cost your business over $100,000? The case studies and testimonials below come from small business owners who have had between $120,000 and $612,000 in losses from data security breaches caused by hacking, malware attacks, and phishing scams. Get PCI compliant now to help protect your business from these losses.
CASE STUDIES
Pono Products, Inc. (Reuseit.com)
Chicago, Illinois
April 9, 2012
1,000 records compromised
A hacker or hackers were able to intercept customer information online between August 22 and September 28 of 2011. Customers who were affected may have had their login, password, and credit card information obtained. Anyone who used the same login and password combination for reuseit.com and other websites should change their password.
TryMedia (TM Acquisition - TryMedia is a division of RealNetworks.)
Seattle, Washington
January 30, 2012
12,456 records compromised
TryMedia's ActiveStore application was attacked by intruders who were able to intercept and obtain the credit card information of customers. Credit card numbers, expiration dates, security codes, addresses, email addresses, and passwords to user accounts for transactions that occurred between November 4, 2011 and December 2, 2011 were accessed.
Small Dog Electronics
Waitsfield, Vermont
March 3, 2010
Security Breach Method: Hacking
After Small Dog began collecting and matching customer donations for Haiti relief efforts, a hacker breached the website and began stealing customer credit card information. The breach lasted from December 2009 to January of 2010. Three thousand customer records were stolen.
Estimated merchant cost: $612,000
Source: Privacyrights.org
TESTIMONIAL
In August 2006, Carla, a small business owner, experienced a data security breach at her restaurant. “I felt I had been blindsided…I was not aware that could ever happen to me.”
“We did end up spending about $120,000 on everything involved, forensic investigator, attorneys’ fees…mainly on the fees that we had to pay MasterCard and Visa.” Carla was shocked to learn that the credit card companies have authority to dole out fines.
Based on a 2010 study, 3 out of 5 small merchants continue to be unaware of their liability in the event of a data breach. The study’s respondents didn’t realize the potential ramifications of noncompliance, including potential fines of thousands of dollars and a per-card fee for each card that has to be cancelled.
Source: RSPA Publications Small Merchant Data Security Study by First Data and National Retail Federation 2010
[1] Verizon and US Secret Service, 2010 Data Breach Investigations Report
[2] Ponemon Institute, 2009 US Cost of a Data Breach Study
[3] Javelin Strategy and Research, June 2009
