PCI COMPLIANCE - Important Information


The following notes should have been included in your September/October statements. In case you missed them for any reason, please review them below and plan accordingly.

These new "Rules" come directly from the card brands (MasterCard and Visa), have nothing to do with any particular processing company, and will be applied everywhere, regardless of the processing company you are using!

PCI Compliance is a requirement of the Payment Card Industry Data Security Standard (PCI DSS). You, the merchant, are solely responsible for ensuring that your store meets the PCI DSS requirements, in order to avoid any penalty assessments.
[*]Reach out to every software company, IT service provider and POS service provider you work with, to make sure you have all updates/upgrades installed and that compliance can be achieved with your POS system.
[*]Check whether your Internet Service Provider (ISP) covers the PCI network requirements (for example, a firewall between the card-processing network and the Internet), and if not, install equipment (a suitable router/firewall) or additional services that provide the required protection.
[*]Contact your Merchant Service Provider to ask for help and instructions, confirm whether or not you are currently compliant, and learn what steps you need to take in order to achieve compliance.
[*]Finally, obtain your PCI Compliance certificate (attestation) from the compliance service you signed up with, keep it for your records, and repeat the process before it expires (the self-assessment is renewed annually, and external vulnerability scans are required quarterly).

Effective January 1, 2018, MasterCard will be implementing pricing changes to the Data Integrity Monitoring program. MasterCard will assess a non-compliance fee against any ICA number (MasterCard member identifier) that fails to comply with a Data Integrity edit, based on each edit's threshold and comply-by date. Merchants identified as failing will receive non-compliance assessments in accordance with their volume of failing transactions. Non-compliance fees can reach USD 20,000 per month, depending on how many months the failure persists and on the volume of failing transactions.

Months non-compliant (after the comply-by date)    Assessment per month, per edit
1 - 9                                              USD 2,500
10 - 18                                            USD 5,000
19 - 24                                            USD 10,000
25+                                                USD 20,000

Visa is reminding clients that they are responsible for preventing brute-force attacks against the Visa Payments System, and is providing an overview and best practices to assist in identifying and mitigating these types of attacks. The best practices can be found at the following link: https://usa.visa.com/support/merchant/library/visa-merchant-business-news-digest.html


Merchants using a third-party service provider (TPSP) that is not registered with the card brands, including but not limited to terminal service providers, paper-shredding services, or any other provider with access to the terminal, are at risk of receiving a non-compliance assessment. Registration exists to ensure that all third parties are PCI compliant and adhere to the card-brand rules and regulations. Financial penalties will be assessed for use of an unregistered third-party vendor. First Data will be contacting any merchant reported as using an unregistered third-party provider or terminal service provider.


As communicated in previous months, MasterCard will be issuing cards that begin with a "2" beginning in 2018.
These "2" series BIN cards (BINs 222100 through 272099, in addition to the familiar 51 through 55 prefixes) must be accepted at all merchant locations that currently accept MasterCard transactions. If your terminal or POS software is not updated to recognize the new "2" series BINs, the cards will be declined and non-compliance assessments can follow. Please contact your terminal or software provider to ensure your business is ready for the new card types.
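The 2-series acceptance problem above, as an added example that is not part of the original post or of any card brand's or POS vendor's code: a small brand-detection routine of the kind a terminal or POS uses to route a card, with the old MasterCard prefix table (51 through 55 only) beside the updated one that also covers BINs 222100 through 272099. The routing function and its names are assumptions for illustration; the sample PANs are publicly known test numbers, not real cards, and the two extra boundary PANs were constructed here to pass the Luhn check.

```python
"""
Card-brand detection for a payment terminal, including Mastercard's 2-series BINs.
Added example, not code from the original post or from Mastercard/Visa.
The terminal routing logic and the sample PANs are constructed for illustration.
"""

# Prefix ranges the terminal treats as Mastercard. Each entry is an inclusive
# (low, high) pair over the leading digits; the width of 'low' sets how many
# leading digits are compared.
MASTERCARD_LEGACY_RANGES = [(51, 55)]            # what pre-2-series terminal software knows
MASTERCARD_RANGES = [(51, 55), (2221, 2720)]      # adds the 2-series block, BINs 222100-272099


def luhn_valid(pan: str) -> bool:
    """Return True if the PAN passes the Luhn check-digit test."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _in_ranges(pan: str, ranges) -> bool:
    """True if the leading digits of pan fall inside any (low, high) range."""
    for lo, hi in ranges:
        width = len(str(lo))
        if len(pan) >= width and lo <= int(pan[:width]) <= hi:
            return True
    return False


def card_brand(pan: str, accept_2_series: bool = True):
    """Return 'visa', 'mastercard', or None (unknown brand or bad check digit).

    accept_2_series=False mimics terminal software that predates the 2-series
    rollout and therefore declines a perfectly valid Mastercard.
    """
    pan = pan.replace(" ", "")
    if not luhn_valid(pan):
        return None
    if pan.startswith("4") and len(pan) in (13, 16, 19):
        return "visa"
    ranges = MASTERCARD_RANGES if accept_2_series else MASTERCARD_LEGACY_RANGES
    if len(pan) == 16 and _in_ranges(pan, ranges):
        return "mastercard"
    return None


# Constructed sample input: publicly known test PANs, not real cards.
SAMPLE_PANS = {
    "4111111111111111": "visa",
    "5555555555554444": "mastercard",    # classic 5-series BIN
    "2223000048400011": "mastercard",    # 2-series BIN 222300
}


def check_terminal(pans=None, accept_2_series=True):
    """Return the sample PANs this terminal configuration would wrongly decline."""
    pans = SAMPLE_PANS if pans is None else pans
    return [pan for pan, expected in pans.items()
            if card_brand(pan, accept_2_series) != expected]


if __name__ == "__main__":
    print("legacy terminal wrongly declines:", check_terminal(accept_2_series=False))
    print("updated terminal wrongly declines:", check_terminal(accept_2_series=True))
```

The only difference between the two configurations is the extra (2221, 2720) entry; a terminal whose prefix table was never updated silently returns "unknown brand" for the 2-series card and declines it, which is exactly the failure the assessment targets.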

For any questions you may have regarding the above notes, contact your processing company and/or your POS company directly!
I suggest you do that soon, to ensure you have all requirements in place.

This is important for all merchants who accept credit cards!
[*]Windows XP is not compliant, and no, you cannot keep a computer running Windows XP on the grounds that it is not the "server" that processes and transmits credit card data. Any workstation connected to a network where credit cards are being processed has to run a supported operating system for the whole network location to be compliant.
[*]There are no major costs associated with achieving compliance. All you have to do, if you are using Windows XP, is upgrade the operating system to a supported one, provided of course that your computer has enough in specs and resources to support such an upgrade. Otherwise, additional costs for parts might be involved.
[*]THIS IS NOT A HARD DISK DRIVE ISSUE. IT'S AN OPERATING SYSTEM ISSUE THAT HAS TO DO WITH CERTIFICATES THAT ARE NOT SUPPORTED ANY LONGER! It's not the hard drive that is non-compliant, yet I've read here that some POS company charged almost $2000 for hard drives!!! LOL. Hard disk drives (HDD) or even solid state drives (SSD) can be purchased for less than $100!
[*]BE AWARE! PCI compliance in most cases comes as a service from your processor, and besides the monthly or annual fee you agreed upon, no other charges are required. However, the penalty fees and assessments described above might occur if you don't take the necessary steps to become compliant.
[*]NO POS SOFTWARE provides compliance status for your business if you do not complete the "Self-Assessment Questionnaire" yourself. POS systems are compliant in their own right, and their being compliant is what allows you to pass the "Vulnerability Scan".
You can find all additional information regarding PCI compliance at the links below: