PCI DSS Compliance Requirement

As a merchant accepting credit/debit cards for payments, you are required to be compliant with the Payment Card Industry Data Security Standards (PCI DSS). The PCI DSS security requirements are mandated for all members, merchants and service providers that store, process or transmit cardholder data. This means that the software or equipment your business uses to process credit and debit card transactions must abide by the standards set forth by the PCI Security Standards Council. These standards were established by all of the major credit card associations (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc.). For more information about PCI DSS, visit https://www.pcisecuritystandards.org.

Our Compliance Assistance Program

Alliant Merchant Services has established a relationship with Data Delivery Services and Comply Guard Networks, a leading provider of PCI audit and scan services. They are certified by the PCI Security Council as an approved scanning vendor (ASV). Utilizing our compliance assistance program provides you with access to trained professionals to help your business comply with the PCI DSS Self-Assessment Questionnaire (SAQ) and includes (if applicable to your business) the required quarterly scans of your processing systems. To register and initiate the analysis of your account, please click the "Register Now" button at the top or bottom of this page. For more information, please call us toll-free at (866) 341-8171.

PCI Compliance Validation Service Program

Frequently Asked Questions

What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to facilitate industry-wide adoption of consistent data security measures on a global basis. The standard aims to increase awareness and promote best practices in the handling of sensitive information as a means of minimizing identity theft and fraudulent transactions.

As a small merchant, do I still need to be PCI compliant?
Yes, all merchants, whether small or large, are required to be compliant. The payment brands have collectively mandated PCI DSS compliance for any and all organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.

I already use a "PCI compliant" terminal/gateway. Doesn't that mean I am compliant?
No. Use of a PCI compliant payment application is one aspect of the many PCI DSS requirements, which cover handling of sensitive data. Currently, the PCI DSS lists twelve requirements. These requirements are organized around the following principles:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Can I choose not to certify for PCI compliance?
If you choose not to complete the self-assessment questionnaire (and applicable network scans) you may overlook certain data security practices that minimize your risk of a security breach. In the event that your business is compromised, you may be subject to substantial fines per payment brand. These fines would be in addition to the expenses and fraudulent transactions resulting from the breach. Failure to validate compliance may result in the termination of your merchant account.

What do I need to do to validate my PCI DSS compliance?
We have established a relationship with Comply Guard Networks, a leading provider of PCI audit and scan services. Comply Guard Networks' service includes: assistance in determining which version of the Self-Assessment Questionnaire is appropriate for your business; administration of any applicable network scans; guidance on any necessary remediation efforts; and certification and validation of your account's compliance. These Comply Guard Networks services are available to you as part of our PCI Compliance Assistance Service Program. You can take advantage of this opportunity by registering via our website at www.alliantms.com or by calling (866) 341-8171.

How long is the PCI compliance certification valid?
The PCI compliance certificate is valid for one year from the date the certificate is issued. To maintain your compliance, you are required to complete the PCI DSS self-assessment questionnaire annually and conduct any applicable network scan on a quarterly basis.

What if I have already been certified through another vendor?
If you have already been PCI DSS certified through another Qualified Security Assessor (QSA)/Approved Scanning Vendor (ASV), please submit your certification documentation to us via e-mail at pcisupport@alliantms.com or by fax to (703) 448-1906.