The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc. to facilitate industry-wide adoption of consistent data security measures on a global basis. The standard aims to increase awareness and promote best practices in the handling of sensitive information as a means of minimizing identity theft and fraudulent transactions.
No. The framework of the PCI data security standards has existed in different forms for some time now and continues to evolve. You may be more familiar with the payment brands’ programs that promote the adoption of the PCI DSS
Payment Card Industry Security Council. The council was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. It was created as an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. For further information, visit their website at https://www.pcisecuritystandards.org/.
Payment Card Industry Data Security Standard Education Materials. The PCI DSS version 1.2 is a set of comprehensive requirements, a total of 12 in all, for enhancing payment account data security. It was developed by the PCI Security Standards Council to help facilitate the broad adoption of consistent data security measures on a global basis. For a copy of the complete PCI DSS, please open the following document: https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html [Note: You will need Adobe Acrobat Reader to view the document.]
Yes, all merchants, whether small or large, are required to be PCI compliant. The payment brands have collectively mandated PCI DSS compliance for any and all organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.
No. Use of a PCI compliant payment application is one aspect of the many PCI DSS requirements, which cover handling of sensitive data. Currently, the PCI DSS lists twelve requirements. These requirements are organized around the following principles:
If you choose not to complete the self-assessment questionnaire (and applicable network scans), you may overlook certain data security practices that minimize your risk of a security breach. In the event that your business is compromised, you may be subject to substantial fines per payment brand. These fines would be in addition to the expenses and fraudulent transactions resulting from the breach. In light of the importance of data security to the payment processing industry and consumers at large, we, as your service provider, may also begin imposing a fee for each month that your account has not been validated as PCI compliant or for any given month in which your account is deemed non-compliant. Failure to validate compliance may result in the termination of your merchant account.
The Chemical Bank PCI Compliance Program includes: assistance in determining which version of the Self-Assessment Questionnaire is appropriate for your business; administration of any applicable network scans; guidance on any necessary remediation efforts; and certification and validation of your account’s compliance. At your earliest opportunity, please visit us on the Web at https://www.pciapply.com/pci_fi_login.aspx to log in to your merchant account and complete the necessary steps to become certified as compliant. You may also access the site through the Chemical Bank Merchant Services website by clicking on the PCI Compliance Program link.
Your default user ID and password were provided in a letter recently mailed to your business by Chemical Bank.
If you have any trouble logging into the system, please contact your Merchant Services Representative at (866) 901-0321, or by email at merchantservices@chemicalbankmi.com.
The PCI compliance certificate is valid for one year from the date the certificate is issued. To maintain your compliance, you are required to complete the PCI DSS self-assessment questionnaire annually and conduct any applicable network scan on a quarterly basis.