Pci Dss


The Payment Card Industry Data Security Standard Explained In Full

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle cardholder data for the major debit, credit, prepaid, e-purse, POS and ATM card brands.

The PCI DSS was created by the PCI Security Standards Council. Its main purpose is to reduce payment card fraud online and to strengthen the security of card data. Every organization that stores, processes or transmits cardholder data must comply with the PCI DSS, and compliance is imposed by the 'acquiring bank' through which you hold your merchant account.

PCI DSS ASV

The Standard essentially requires merchants and member service providers (MSPs) who store, process or transmit cardholder data to: protect cardholder data; build and maintain a secure network; maintain a vulnerability management program; regularly monitor and test networks; maintain an information security policy; and implement strong access control measures.

The PCI DSS applies to any kind of media on which card data can be held, including hard disk drives, floppy disks, magnetic tape and backup media, but it also covers printed or handwritten credit and debit card receipts on which the full card number appears. Merchants frequently keep these receipts as a paper record of the transaction, for voucher recovery, or as evidence of the transaction if the acquirer issues a request for information (RFI). Because the card number is held in full on such receipts, they must be stored securely.

So what happens if you don't comply with the PCI DSS? Well, and here I quote from the official IT Governance website: "The PCI Security Standards Council encourages all businesses that store payment account data to comply with the PCI DSS to help lower their brand and financial risks associated with account payment data compromises. The PCI Security Standards Council does not manage compliance programs and does not impose any consequences for non-compliance. Individual payment brands, however, may have their own compliance initiatives - including financial or operational consequences to certain businesses that aren't compliant."

In other words, each payment brand will take whatever action it believes it can make stick, commercially, to enforce the PCI DSS. There are no standardised penalties across all the payment brands, and the PCI Council has no plans to create any. So it's all up to you!

My small business accepts credit cards. Paid a company so I would be PCI DSS compliant. Is this required?

My small business accepts credit cards when we travel to trade shows around the country. Last year I was contacted by e-mail and told that I needed to purchase a plan from a company to protect the information from my customers. They said I needed to be PCI DSS compliant. Is this a scam? Is this something I should keep doing? How does something like this protect anyone? As I recall the cost was several hundred dollars. It is time to renew, and I want to be sure that this is legitimate.

Is your company big enough that you have to worry about one of your employees stealing a customer's information? In all honesty, a small business where only a select few have access to such info is not something I would delve into this for.
I personally, when taking orders, have not ever had one customer ask me if I used any type of insurance protecting their information from being stolen.
So unless you have a company large enough that you do not personally know the people who are accepting the credit card info (and are afraid they will steal it for whatever reason), I wouldn't worry about it right now.
Also, if you want to use that as a "hey customer, we have this in place to protect you" to help your business, then do it.
I personally do not use this service, as my company isn't big enough that I don't know who I employ personally, and I have yet to have a customer inquire if I am insured if their info is stolen through my company.
Also, I would tend to steer away from an unsolicited email proposing to sell me the program. If you didn't request that information, then that is one of those emails that hope they can get your business.
Go to Google and type in "PCI DSS" and you will find lots of legit companies that will be able to provide you the insurance you need.
It is NOT a law anywhere that you must have this. It does protect a company if someone runs off with all your customers' information. Also, when you search Google or Yahoo for the above term, do not just go by the first few results; those are paid to be there, which is fine. But ALWAYS compare a few of the companies and then go to the BBB online to further investigate to be sure you are safe.
