Become the security expert you wish you were.
The First Data PCI Rapid Comply solution is an online application designed by PCI security experts specifically for small to mid-size merchants. It turns PCI DSS jargon into clear language, with expert help to guide you through the Payment Card Industry Security Assessment Questionnaire (PCI SAQ).
Here’s what you get with the PCI Rapid Comply Solution:
- Help choosing the right Security Assessment Questionnaire (SAQ)
- Many pre-populated answers
- Automatic, integrated vulnerability scanning
- A step-by-step online application
- 24/7 access
- Hands-on support via chat, email or phone
See how easy it is to get and stay compliant with the PCI Rapid Comply Solution.
What is PCI?
PCI stands for Payment Card Industry, but usually means one of the following:
The Payment Card Industry Security Standards Council. This is an industry body made up of organizations like Visa, MasterCard, American Express and Discover. The Council is how these companies cooperate to agree upon a single, common security standard that Merchants are required to meet.
The actual security standard put together by the Council described in the first definition above. The full name for this standard is the Payment Card Industry Data Security Standard (PCI DSS). Merchants must meet this set of security requirements if their business accepts, transmits or processes customer payment cards, such as credit cards or debit cards.
What is the PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. This is a technical and broad-ranging set of security requirements created by the Payment Card Industry, laying out what Merchants need to do to protect customer information. The PCI Council requires that Merchants meet this set of security requirements if their business accepts, transmits or processes customer payment cards, such as credit cards or debit cards. Merchants that do not comply with these requirements can be penalized in a number of ways, up to and including having their card-processing privileges revoked, leaving them unable to accept customer payment cards.
Does PCI DSS apply to all businesses and service providers?
PCI DSS applies to ALL organizations or Merchants, regardless of size, that accept, transmit, or store any payment card information. In other words, if any customer of that organization ever pays using a credit card or debit card, then the PCI DSS requirements apply.
What does a merchant have to do in order to satisfy the PCI requirements?
To satisfy the requirements of PCI, a Merchant must do two things:
- Comply with the Data Security Standard by meeting all of the requirements laid out in the Data Security Standard, and
- Validate their compliance. This means the Merchant must SHOW (in a manner appropriate to their size and situation) that they are complying with the Data Security Standard. For some Merchants, such as those with a high volume of card transactions, or with a history of security problems, validation involves on-site audits by certified professionals, but for many Merchants the primary requirements are:
  - Annual completion and submission by the merchant of a PCI Self-Assessment Questionnaire (the SAQ); and
  - Where appropriate, undertaking a quarterly network vulnerability scan by a certified scanning company.
It is important to note that being in Compliance does NOT automatically mean that the Merchant has met their Validation requirement.
What is the PCI Self-Assessment Questionnaire or SAQ?
The Self-Assessment Questionnaire (SAQ) is a form that Merchants may be required to complete every year and submit to their Acquiring Bank. It was created by the PCI Council. Completing a Self-Assessment Questionnaire helps Merchants do two things:
- Check their Compliance, by finding out for themselves if they are in compliance with the Data Security Standard
- Complete part of their Validation, by giving others, such as their Acquiring Bank, evidence that they are in Compliance with the PCI Data Security Standard.
As of February 2008, there is no longer a single one-size-fits-all Self-Assessment Questionnaire. Merchants now need to identify which one of five Validation Type categories they fit into, and then complete the appropriate Self-Assessment Questionnaire for their category. For some Merchants, the appropriate Self-Assessment Questionnaire is short and simple, while for other Merchants the appropriate Self-Assessment Questionnaire is long and extremely technical. Note that for all versions of the Self-Assessment Questionnaire, Merchants will only be considered compliant if they pass (or can answer “Not Applicable” to) ALL of the questions in the Questionnaire.
What is meant by Compliance?
Being “Compliant” means that the Merchant meets all of the requirements laid out in the Payment Card Industry Data Security Standard. The requirements for Compliance are the same for ALL Merchants, large or small. However, smaller Merchants typically avoid many of the Compliance problems that larger organizations face, because their systems and networks are usually simpler.
What is meant by Validation?
Validation means that a Merchant can demonstrate, via standard documents and/or tests, that they are meeting the PCI DSS requirements. Different Merchant types face different Validation requirements, depending on which of four levels they are assigned to.
Is PCI a government program or law?
No, PCI is not, in itself, a law. The standard was put together by business organizations including Visa, MasterCard and the other major card companies. Merchants that do not comply with PCI DSS are not necessarily breaking any law, but they are probably violating their Terms of Service or contract with their acquiring bank and the card associations. This means that the Merchant might be penalized or sued, or these companies might refuse to work with the Merchant, in which case the Merchant would be unable to process credit or debit cards.
What is a network vulnerability scan?
While not all businesses will require scans, if one is needed, a vulnerability scan is an automated, non-intrusive process that assesses the Merchant’s network and web applications from the Internet (on the external-facing IPs). The scan will identify any vulnerabilities or gaps that may allow an unauthorized or malicious user to gain access to the network and potentially compromise cardholder data.
What happens if I don't become PCI compliant?
If your business fails to become PCI compliant, you could be putting your business at greater risk from the growing threat of payment card data breaches and theft, which may result in substantial penalties (such as fines from banks, regulatory agencies, and card associations), fraud and chargebacks, as well as legal costs and lost customers. If you fail to become PCI DSS-compliant or to report your PCI DSS-compliant status with a third-party vendor to First Data, you may also be charged a monthly non-receipt of PCI Validation fee by your Merchant Services provider until such time as you become PCI DSS-compliant or report your PCI DSS-compliant status to First Data.
If your business experiences a data security breach, you could even lose your ability to process credit card payments. Perhaps more importantly, you risk the loss of customers. Research shows that 43% of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred.
How can I achieve PCI compliance and validation?
The First Data PCI Rapid Comply solution is an easy-to-use online tool that can help you achieve and maintain PCI DSS compliance more quickly and easily. It offers:
- Step-by-step guidance to complete the annual self-assessment questionnaire (SAQ): Our step-by-step application will direct you to the PCI SAQ that is appropriate for your business (A, B, C, C-vt or D). You can complete the SAQ with guided support, ensuring each question is answered accurately.
- Fewer questions to answer – in some cases, 85% fewer questions: With “pre-SAQ” questions, we can pre-populate the appropriate SAQ answers – which are often the most difficult – minimizing the number of questions you have to deal with and speeding up the SAQ completion process.
- Comprehensive support that ensures your questions get answered: Have a question? With our built-in help, guides and security expertise, we can answer any PCI questions you may have – online and via chat, email and phone.
Are there additional fees for the PCI Rapid Comply Solution?
With First Data’s PCI Rapid Comply solution, there are no new or additional charges. The Compliance Services Fee charged to you by your Merchant Services provider includes your annual PCI self-assessment questionnaire (SAQ) and quarterly scans, if needed, which are offered in our PCI Rapid Comply solution.
If you fail to become PCI DSS-compliant or to report your PCI DSS-compliant status with a third-party vendor to First Data, you may also be charged a monthly non-receipt of PCI Validation fee by your Merchant Services provider until such time as you become PCI DSS-compliant or report your PCI DSS-compliant status to First Data.
Do I have to use the PCI Rapid Comply Solution?
The benefits of using the First Data PCI Rapid Comply solution are that it is offered by and integrated with your merchant services provider. The PCI Rapid Comply solution includes a guided, step-by-step SAQ tool to help you complete the annual questionnaire with ease, an integrated scanning tool for merchants that are required to pass quarterly scans, and comprehensive support online and via chat, email and phone to ensure your questions get answered.
As your merchant services provider, we hope you will elect to use our PCI Rapid Comply solution. However, you are free to obtain PCI DSS compliance services from third-party vendors.
If you are charged an annual compliance service fee pursuant to your merchant processing contract, the PCI Rapid Comply solution is made available to you. If you choose to utilize the services of a third-party PCI compliance services vendor, you will be separately billed by that vendor for those PCI compliance services. Fees that First Data charges appear separately as a line item on your merchant account statement.
WHY MONIFY MERCHANT SOLUTIONS?
Monify is a full service payment solutions provider.
We facilitate electronic payment processing for Visa, MasterCard, American Express, Diners Club, JCB, EBT, debit cards, ACH, e-checks, and gift & loyalty cards. We also specialize in industry-specific payment methods like Fuelman, GASCARD, Voyager, Wright Express and TCH.
Next Day Funding
Processed funds are available within 24 hours. While other companies may hold onto your funds for up to three days, Monify Merchant Solutions offers the swiftest funding possible.
*Processed funds for petroleum customers are available within 48 hours.
Our online account portal provides dynamic reporting and rich analytics to help you quickly and easily navigate through your account activity, giving you access to every transaction, refund, retrieval, chargeback and deposit.
Local Support and Service
Knowledgeable U.S.-based customer support experts are available 24 hours a day, 365 days a year to make sure that service interruptions are quickly identified and resolved. One-on-one training is also available to ensure that your staff has the information they need to be successful.
With our background in the wholesale and convenience retailing industries, Monify can quickly determine the right processing solution for your business. Whatever your retail needs, we’ll match you with the equipment needed to exceed the rigors of your operation.