Level 1 Service Provider PCI Compliance
PowerPay is recognized as a Level 1 Service Provider compliant with the PCI Data Security Standard, as advised under the program rules of both Visa and MasterCard for validated Service Providers. Level 1 Service Providers must adhere to the strictest data security standards and must undergo and document an annual on-site PCI Data Security Assessment and quarterly vulnerability scans.
PCI Certificate (PDF)
Working with You to Protect Your Business and Your Customers
Payment Card Industry (PCI) compliance refers to a set of data security guidelines designed by the Payment Brands specifically to keep customers’ account data from being compromised. As technology aimed at breaches evolves, and instances of theft continue to increase, data security is more important than ever. PowerPay is dedicated to working with you to protect your customers and your operations by helping you ensure that your business is PCI compliant.
The Importance of PCI Compliance
Businesses that are PCI compliant not only help protect their customers’ information, they also project a positive and trustworthy business image and build success by developing a high level of customer confidence. By being PCI compliant, you will help protect your business from breaches that can lead to significant fines, penalties, liability issues, a loss of productivity, and severe damage to business reputation. While following PCI requirements does not guarantee 100% protection against a breach, being PCI compliant does increase data security and helps protect businesses from easily avoidable threats.
The Responsibility of Merchants and Service Providers
The area of PCI compliance that applies to merchants is called the PCI Data Security Standard (PCI DSS). The PCI DSS consists of 12 requirements developed by the PCI Security Standards Council. Any merchant or service provider (e.g., payment gateway, shopping cart, or web hosting company) that accepts, handles, stores, or transmits credit card information is required by the Payment Brands to validate PCI compliance every year. Validate PCI compliance by following the steps outlined on the PCI compliance website. Once complete, please submit your validation documentation to PowerPay’s PCI Compliance Team. Compliance requirements continue to evolve as businesses change and new data security threats emerge.
Taking the steps to be PCI compliant on an ongoing basis will help you to make sure you maintain a high level of security for your business and your customers. PCI validation may be required annually, but being PCI compliant is required at all times. Businesses must have ongoing monitoring plans in place to ensure they maintain compliance all of the time, even after they've finished validating. Failure to keep up PCI compliance after validation is a leading factor in reported breaches and it significantly increases the risk for both merchants and service providers.
Questions?
Please read our Frequently Asked Questions or Contact the PowerPay PCI Compliance Team.
*PowerPay does not endorse any links included on the website, and information is subject to change at any time. PowerPay believes this information to be valid and current, but cannot guarantee it as other entities such as PCI Security Standards Council, Payment Brands and others may change the information provided without notice.

Did you know?
How do breaches occur?
50% utilized some form of hacking (+10%)
49% incorporated malware (+11%)
29% involved physical attacks (+14%)
17% resulted from privilege misuse (-31%)
11% employed social tactics (-17%)
(Source: 2011 Data Breach Investigations Report, Verizon RISK Team & U.S. Secret Service and the Dutch High Tech Crime Unit)
PowerPay is a registered MSP/ISO of: HSBC Bank USA, National Association, Buffalo, NY. ©2010 All Rights Reserved.

