Protecting Cardholder Data & Security Is Your Responsibility
Ensuring the safety of your customers' cardholder information can help your business create and maintain a positive image, enhance customer confidence and even improve your bottom line.
As part of Moneris' ongoing provision of credit and debit card processing services, we want to provide you with some critical information regarding the Payment Card Industry (PCI) Data Security Standard (DSS) and the Card Association Compliance Programs.
It is important to note that all Merchants and Service Providers that store, process, or transmit cardholder data must comply with PCI DSS and the Card Association Compliance Programs. However, certification requirements vary by business and are contingent upon your "Merchant Level" or "Service Provider Level". Failure to comply with PCI DSS and the Card Association Compliance Programs may result in a Merchant being subject to fines, fees or assessments and/or termination of processing services.
The PCI DSS is enforced by the Card Associations (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International). Moneris has taken the steps to provide our valued clients with necessary information and associated links to assist in assessing the actions your business should take to ensure that you are compliant.
The PCI Security Standards Council (PCI SSC) is an independent body founded in September 2006 by five major credit card networks - American Express, Discover Financial, JCB, MasterCard Worldwide, and Visa International. The PCI SSC is responsible for the development and ongoing evolution of security standards for account data protection.
The PCI SSC currently manages the following security standards:
PCI Data Security Standard (DSS)
PCI PIN Entry Devices Program (PED)
PCI Payment Application Data Security Standard (PA-DSS)
The PCI SSC is also responsible for the training and qualification of security assessors and vendors that validate merchant and service provider compliance against these standards. The PCI SSC is not responsible for enforcing compliance with these standards. Enforcement of compliance is managed independently by the Card Associations.