
Use 3DSI to help you become PCI compliant

Payment Card Industry regulations apply to every company that collects, transmits, processes or stores cardholder information — no matter how many transactions you process or how small your business. This includes retail point-of-sale services, e-commerce and mail/phone order. And the cardholder may be a consumer or another business that makes a payment via credit card.

Your responsibility to maintain PCI compliance is part of the privilege of accepting credit or payment cards. The only way to reduce the burden of PCI compliance is to transfer the risk in part or entirely to someone else.

And that’s where we can help.

What is PCI DSS?

The PCI Data Security Standard is not a law enacted by any government. It’s a global policy developed by the private regulatory body known as the Payment Card Industry Security Standards Council (PCI SSC). The major payment brands of American Express, Discover, MasterCard, Visa, and JCB formed the council in 2004.

PCI SSC developed the Data Security Standard, a detailed and comprehensive standard that acts as a common set of minimum security requirements all merchants and service providers that handle sensitive credit card data must implement. The payment brands themselves enforce the security standard for the merchants and service providers that accept their forms of payment.

If your company stores, processes or transmits any of the information recorded on a credit or debit card, then you must abide by the PCI DSS or face:

  • Significant fines.
  • Higher operating costs through increased compliance requirements.
  • Potential suspension or expulsion from card processing networks.

Where you’re at risk

Your No. 1 responsibility in this regard is to protect the cardholder data under your control. This could be at the POS, as it flows into the payment system or in a database of stored information (which is definitely not recommended). Compliance with the PCI standard includes protecting:

  • Card readers.
  • POS systems.
  • Store networks and wireless access routers.
  • Payment card data storage and transmission.
  • Payment card data stored in paper-based records.
  • E-commerce applications and web services.

Get a copy of the full PCI DSS 3.0 requirements at https://www.pcisecuritystandards.org/security_standards/index.php.

How we help

Credit card tokenization is the process of removing credit card data from your internal network and servers — and replacing it with a unique, generated placeholder, or “token.” Tokenization helps companies that accept, transmit, process or store customer credit card data in any way to comply with the 12 current PCI DSS requirements.

How?

  • Outsourcing tokenization means sending your customers’ credit card data offsite and not storing it. Not having a so-called cardholder data environment significantly reduces the scope of your PCI assessment — which makes sense, because even if your system is breached, any tokens the cybercriminals find will be useless to them.
  • Since the token, rather than the primary account number (PAN), is used to initiate a transaction, there is no danger of exposing the PAN while running the transaction.
  • To prove PCI DSS compliance, most companies are required to file a Self-Assessment Questionnaire with their processor. Properly implemented tokenization with the right vendor allows full outsourcing of card data collection and storage — potentially allowing the 12-question SAQ A questionnaire instead of the 240-question SAQ D.

Outsourcing with 3DSI also means that we handle updates to ensure compliance with continually changing PCI standards. And since 3DSI’s core business is securing payments, we are continuously improving our tokenization processing technology.

And this allows you to focus on your core business and customer satisfaction.
