The Card Associations (Visa, MasterCard, Discover, American Express, and JCB) created a single standard, the Payment Card Industry Data Security Standard (PCI DSS) in order to safeguard customer information. All merchants accepting credit/debit cards are required to comply with the PCI DSS. PCI DSS is a multi-faceted security standard that includes minimum standards for security management, policies, procedures, network architecture, software design and other critical protective measures related to storing, processing and transmitting cardholder data. This comprehensive standard is intended to help merchants and service providers proactively protect customer account data.
Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security
Compliance
Compliance with PCI DSS helps reduce your exposure to a data breach and to costly fines, audits and assessments. Non-compliance and data breaches are time-consuming, brand-damaging, costly and can even cripple a business.
Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem including point-of-sale devices; personal computers or servers; wireless hotspots or Web shopping applications; in paper-based storage systems; and unsecured transmission of cardholder data to service providers. Vulnerabilities may even extend to systems operated by service providers. Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) helps to alleviate these vulnerabilities and protect cardholder data.
Compliance requirements are different based on your merchant level and how you process payment transactions. Merchant Levels have been prioritized and defined for compliance validation based on the volume of transactions, potential risk, and exposure by merchants and service providers.
MCPS appreciates the business relationship that we have with you and wants you to know that we are committed to helping you succeed. MCPS has teamed up with the industry's best providers to help safeguard your sensitive cardholder data and provide you with indemnity coverage of up to $50,000 through the MCPS PCI Protection Plan.
If you have any questions about this notice or any MCPS program or service, please contact us.
(Site login is your MerchantID; the password is your 5-digit ZIP code followed by your two-letter state code, in lowercase letters.)
Additional Resources
PCI Security Standards Council Web Site: www.pcisecuritystandards.org
PIN Entry Devices: www.pcisecuritystandards.org/pedapproval
Payment Applications: www.pcisecuritystandards.org/pa_dss
PCI DSS: www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Approved Assessors and Scanning Vendors: www.pcisecuritystandards.org/resources
Glossary: www.pcisecuritystandards.org/glossary
Discover Information Security & Compliance (DISC): www.discovernetwork.com
MasterCard Site Data Protection Program: www.mastercard.com
Visa CISP Program: www.visa.com/cisp