PCI Compliance / Website Security

The Payment Card Industry Security Standards Council (‘PCICo’) defines the standard for securing Personal Account Numbers (‘PAN’) and personally identifiable information (‘PII’), wherever they are located. Compliance is required of all entities storing, processing, or transmitting cardholder data. Acquiring Banks must comply with PCI and are responsible for ensuring the compliance of their merchants for all payment channels, including retail (brick-and-mortar), mail/telephone-order, and ecommerce.

PCI Compliance Toolkit: an interactive web application tool for merchants to complete the PCI DSS compliance requirements and SAQ worksheets.

PCI Compliance Requirements

PCI defines a list of 12 basic security requirements with which all merchants must comply, along with detailed sub-requirements that tie back to the basic requirements:

  1. Install and maintain a working firewall to protect data
  2. Keep security patches up-to-date
  3. Protect stored data
  4. Encrypt data sent across public networks
  5. Use and regularly update anti-virus software
  6. Restrict access by "need to know"
  7. Assign unique ID to each person with computer access
  8. Don't use vendor-supplied defaults for passwords and security parameters
  9. Track all access to data by unique ID
  10. Regularly test security systems and processes
  11. Implement and maintain an information security policy
  12. Restrict physical access to data

How CISP Works

Merchants are responsible for ensuring that their merchants use service providers that are CISP-compliant. VISA® may impose a fine on non-compliant merchants and, in severe cases, bar the merchant from accepting VISA® credit cards.

Merchants receive protection from fines in the event of a data compromise when their merchant service provider is found to be CISP-compliant at the time of the security breach. Merchants are, however, subject to fines—up to $500,000 per incident—if they are not CISP compliant at the time of the breach.

CISP Groups Defined

| Merchant Level | Selection Criteria | Must submit compliance documentation by |
|---|---|---|
| 1 | More than 6 million VISA® transactions processed annually | September 30, 2004 |
| 2 | 500 thousand to 6 million VISA® transactions processed annually | June 30, 2005 |
| 3 | Less than 500 thousand VISA® transactions processed annually | TBD by Member |

Why Comply?

VISA® will fine or disbar a merchant whose cardholder data is compromised and is later found not to be in compliance with CISP.

Consumers Want Security

Recent media reports of hacker incidents, stolen credit card numbers, and identity theft have triggered serious concern about information security among consumers. Today, consumers want absolute assurance from businesses that their credit card numbers and other personal information are secure.

Minimized Threat to Reputation and Financial Position

The financial penalties and resource outlay are minimal compared to the loss of significant revenue and goodwill that can result from having customers' personal information stolen.

Disclosure of Cardholder Information

Merchants may only disclose VISA® transaction information to service providers approved by VISA®.

CISP Compliance Penalties

Failure to comply with CISP standards or to rectify a security issue may result in:

  • Fines (described below);
  • Restrictions on the merchant; or
  • Permanent prohibition of the merchant or service provider's participation in VISA® programs.

The following fines apply for non-compliance, within a rolling 12-month period:

First violation


Second violation


Third violation

Management discretion

Loss or Theft of Account Information

Merchants must immediately report the suspected or confirmed loss or theft, including a loss or theft by one of the Member's or merchant's service providers, of any material or records that contain personal identity and financial information. Failure to report a theft of account information may result in severe fines from $100,000.00-$500,000.00.

      1321 Burlington Street, Suite B North Kansas City, MO 64116  
    BankCard Central, LLC is a registered ISO/MSP of Merrick Bank, South Jordan, UT

    BankCard Central, LLC is not a chartered bank or trust company, or depository institution.
    It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

    All Content © 2015 Copyright

    Third-party marks and brands are the property of their respective owners.