Welcome to PCIStandard.com

Auric Systems International created and sponsors this site as a source of information for merchants.

The Payment Card Industry (PCI) Data Security Standard (PCI DSS) resulted from a collaboration between Visa and MasterCard to create a common set of industry security requirements. Other card companies operating in the U.S. have also endorsed the Standard within their respective programs.

Why is there a PCI standard?

Aligning the card companies' individual programs under a single standard creates a commonly accepted set of industry measurements and tools, so that one validation process satisfies all the card associations. Having a single set of requirements to validate against is less complex for the merchant.


Why should you care?

Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs.

Your customers depend on you to keep their sensitive payment card information safe. A single incident can have widespread consequences, damaging your reputation and costing you both sales and relationships with partners.

Who is required to meet the PCI security standard?

Size doesn't matter - PCI compliance applies to every organization or merchant that collects, stores, processes or transmits payment card data, regardless of size or number of transactions.

Acquiring banks (merchant banks) were also required to have obtained documented proof of PCI compliance from merchants with more than 20,000 transactions per year by June 30, 2005. This does not mean that only merchants with more than 20,000 transactions per year must meet the PCI standard: acquiring banks must hold documented proof of compliance from those merchants or be liable to fines themselves, and many banks already require all merchants, regardless of transaction volume, to produce this proof of PCI compliance.

Tokenization, which replaces stored card numbers with surrogate values so that the card numbers never reside on your own systems, is the most effective way of minimizing your PCI compliance footprint.

What do I need to do to meet the PCI standards?

Validating compliance with the PCI standard comprises two basic steps:

1. Pass quarterly external vulnerability scans conducted by an Approved Scanning Vendor (ASV), formerly called a Visa and MasterCard "Qualified Independent Scan Vendor". Scans cover every Internet-facing address in scope for cardholder data, whether it belongs to an office network, a home/office connection (dial-up, DSL, cable or wireless) or a permanent Internet server such as your web site or e-mail server. Note that not every SAQ type includes the quarterly scan requirement (PCI DSS Requirement 11.2); SAQ A and SAQ B, for example, do not.

2. Successful completion of a security self-assessment questionnaire (SAQ). The self-assessment questionnaire asks specific questions about your internal security practices, both on your web site and in your office. Which SAQ applies depends on how your business handles cardholder data:

SAQ A v2.0: All cardholder data functions outsourced; no electronic storage, processing or transmission of cardholder data

SAQ B v2.0: Imprint machines or standalone dial-out terminals only; no electronic cardholder data storage

SAQ C v2.0: Payment application connected to the Internet; no electronic cardholder data storage

SAQ C-VT v2.0: Web-based virtual terminal; no electronic cardholder data storage

SAQ D v2.0: All other SAQ-eligible merchants and service providers

Each SAQ has a corresponding Attestation of Compliance (AOC), which must also be completed.

To obtain your SAQ and AOC, see: security self-assessment questionnaire
