Posts Tagged ‘PCI Fines’

This is a great video that explains PCI Compliance. VMS-Washington encourages all business owners to learn more about credit card processing so they can save more money on their processing, learn better ways to process, and know right from wrong when talking to a potential credit card processor.

If you’re interested or want more information about interchange and better rates from an “A Rated” company, contact us. VMS-Washington is giving businesses the Summer Deal of the Year. For a limited time we are offering rock-bottom rates for new and existing businesses. The questions we always ask business owners are:

  • Have you checked out your current or potential merchant service company on the BBB?
  • Does your current provider or potential provider promote your business?
  • Does your current provider or potential provider send referrals your way?
  • Are you getting the best rates in town?
  • Has your current or potential merchant told you about the Durbin Amendment?

Wouldn’t you want an A-rated company that will promote your business through its social media and monthly newsletters? For more information, contact us.

Thank you,

800.531.8575 ext.697

Is PCI Compliance a Toothless Tiger?
The massive data breach announced in January by Heartland Payment Systems continues to raise significant questions regarding the state of security in the payment industry. As many as 100 million credit and debit cards have been compromised, impacting unknown millions of consumers, 175,000 merchants and 600 institutions. One of the most pressing questions of the day is the relevance of the Payment Card Industry Data Security Standard (PCI), which is an industry-driven standard meant to ensure the safe handling of sensitive information.
Leading up to the breach, Heartland listed on its own Website that it was certified as being PCI-compliant last April. “Obviously, Heartland was not in compliance at the time of the breach,” explained Steven Bearak, CEO of Identity Force. “This lapse in compliance is not just troubling; it causes many to wonder if the PCI standard is in fact a toothless tiger.”
Heartland is still in operation. Visa, while taking Heartland off of its “compliant” list, continues to accept transactions processed by the company. And a top analyst at Gartner Research just this week is urging companies that do business with Heartland Payment Systems Inc. and RBS WorldPay Inc. (another breached processor) not to switch to other payment processors.
Heartland has even gone so far as to threaten to sue companies that try to take its business away by raising questions about the effectiveness of its security systems.
What is clear is that millions of people and merchants have been put at risk, and little is being done voluntarily to mitigate the damage. What good is PCI compliance if there are no penalties involved for the major institutions that claim compliance and are not?
Security is only as strong as the weakest link. PCI compliance certification is not a guarantee against breaches. Organizations should prepare accordingly.
PCI compliance requires that any business that processes transactions or stores credit card or cardholder data MUST be compliant with the PCI DSS (Payment Card Industry Data Security Standards). If you handle or accept credit card payments, then this means you too. Non-compliance is not an option, and the fines and consequences are hefty.
Credit card data, personal information and other private data attacks are a big part of “white-collar crime”. The anonymity the internet provides makes the problem larger and poses bigger threats, as the attacks can be launched from anywhere in the world, even from within your own organization. Business size and type have little to do these days with potential data breaches and attacks, as some believe that “any data will do” no matter what size the organization or business.
Plain and simple, PCI is not optional, and practicing compliance should be considered a key business policy. The PCI Security requirements have been put in place to secure the data, and everyone must become compliant. Non-compliance brings about fines and penalties from the payment card industry and providers. Fines can include the following:
  • Fines of $500,000 per data security incident
  • Fines of $50,000 per day for non-compliance with published standards
  • Liability for all fraud losses incurred from compromised account numbers
  • Liability for the cost of re-issuing cards associated with the compromise
  • Suspension of merchant accounts

What Is PCI Compliance?
Simply put, PCI compliance means that as a business, you are properly and securely managing your customer credit card information, sensitive data, credit card transactions and your business environment.
The goal of PCI is to ensure that people who want to conduct business with merchants using their credit cards can do so with confidence and trust because they know that the merchant is compliant with all of the Payment Card Industry (PCI) standards. By doing so, both the consumer and the merchant can continue using recognized Payment Brand credit cards (Visa, MC, Amex, Discover) as the safest, simplest and most trusted means of payment exchange.
PCI compliance is outlined by the Payment Card Industry (PCI) Council, and the standards for compliance are established by them as well. The primary role of the PCI Council is to advise businesses about what the credit card companies or Payment Brands expect from merchants that transact day-to-day business with their customers using credit cards as a means of payment. As a result, the PCI Council has established a set of credit card payment and security standards to help businesses minimize data breaches and credit card security problems and to provide assurance to their financial service providers that they are PCI compliant as a business.
Complying with the PCI Council standards requires the completion of a Self Assessment Questionnaire (SAQ). This SAQ contains questions that require a business owner to know information about how their business operates, handles IT connectivity, completes credit card transactions and stores critical information. Completing the SAQ can be a daunting task for business owners or managers that are not information security professionals. The critical issue in completing the SAQ is the accuracy of the answers to the questions. Getting professional security consultant assistance with the SAQ can be very costly for a small business.
As a result, Panoptic Security has developed an online application that provides the expert direction and help needed to guide a small business owner or manager through the PCI SAQ.

Panoptic Security
Panoptic Security and our online PCI compliance solution, ExpertPCI™, help businesses assess whether or not they are PCI compliant and advise on what to do to become PCI compliant. We can provide support for all sizes and types of businesses, but our online web application was designed by our PCI security experts to make the PCI compliance process easier specifically for small to mid-size business owners.

Our solutions make PCI assessment and compliance more understandable and affordable for any business owner or manager that has been advised by their merchant services provider, bank or credit card company that they need to become PCI compliant. PCI compliance is required for any and all businesses that do credit card transactions with their customers.

Becoming PCI compliant not only assures your merchant services provider, bank and credit card company that your credit card transactions are handled within PCI standards, it also assures your customers that you can provide them with a safe and reliable way to do business with them.
For the ISOs, acquiring banks and processors that work with merchants, PCI compliance is required for your merchants that do credit card transactions. The level and scope of PCI compliance needed for each merchant is what we help you and your merchants assess. We do so in a way that can be managed directly by you or by us.

Thank you all in advance,
Michael Roberts
National Sales Director for Valued Merchant Services
Phone: 800-531-8575 ext.697