What is PCI DSS Credit Card Compliance All About?
To break it down, I will try to briefly explain what all this talk about credit card compliance means for direct marketing companies, now and in the future, and, most importantly, how you can tell who is and who isn’t compliant.
First, the acronym PCI DSS stands for Payment Card Industry Data Security Standard. The standards are set and endorsed by Visa, American Express, Discover Financial Services, JCB and MasterCard Worldwide. In other words, ALL OF THE MAJOR CREDIT CARD COMPANIES.
The simple goal is to safeguard consumer credit card information and personal data by developing rigorous security standards for all LEVEL 1 processing companies. What is the definition of a LEVEL 1 processing company? Boiled down, it is any company that handles and stores your credit card data. So your fulfillment company, your telemarketing company and any database company that falls within that definition need to be certified. The company needs to be LEVEL 1 certified and 3rd-party assessed. Being self-assessed does not make a company compliant. Go to the Visa website at www.visa.com/cisp to see if your vendors are compliant.
It is your obligation to ensure your vendors are LEVEL 1 compliant, certified and on the list. If they are not, you’re exposing your company to BIG $$$ FINES. Any breach by any of your non-compliant vendors will cost you, and in the future all non-compliant companies will be levied hefty fines. Call your merchant processor and check your merchant agreement for details. All compliant companies must be validated by Trustwave Trusted Commerce or a PCI-approved auditing firm. Once validated, they will prominently display the validation seal on their website and other media.
George Fanolis is vice president of business development for Fosdick Fulfillment.