Payment Card Industry Data Security Standards (PCI DSS) FAQs

  • No. As a valued merchant customer, you are automatically registered in the PCI DSS Program, but you still need to become PCI DSS compliant. You can click here to open an account with SecurityMetrics®, our third-party PCI compliance administrator, and complete compliance requirements online.

  • Not necessarily. Other processors may mandate compliance, charge a high fee and provide little or no support. Some may even require you to seek compliance on your own. It's important to work with a processor that provides a source to ensure you meet all PCI DSS requirements and so helps protect your data and your customers' data.

  • The cost for all of the PCI DSS Program benefits is only $60 per account, per year, regardless of the size of your business. Most credit card processors are charging much more for little or no additional protection. Smaller merchants are typically charged more than $100 per year.

  • Contact SecurityMetrics to update your annual compliance certificate prior to your anniversary expiration date. SecurityMetrics will send you reminders prior to expiration.

  • PCI DSS stands for Payment Card Industry Data Security Standards. PCI DSS is a set of rules established by the PCI Security Standards Council and enforced by the credit card associations (Visa®, Mastercard®, Discover®, etc.) to help avoid breaches and protect consumers from compromises of personal data and credit card numbers.

  • The credit card associations (Visa, Mastercard, Discover, etc.) require it of all processors and businesses that accept credit cards. It is an effort to protect your sensitive data and your customers' sensitive data.

  • Data breaches are costing credit card associations billions of dollars a year, which affects your rates. Credit card association and regulatory fines can range from $5,000 to $100,000. PCI compliance is a continuous process requiring diligent attention.

  • If a breach is suspected, the card associations may require an independent PCI DSS certified forensics security examiner to inspect merchant business security practices. This examination is performed at your expense and may take several days or weeks.

  • Security policies are thoroughly reviewed and evaluated. Phone lines, computers, modems, routers, servers, workstations, firewalls, software and virus protection are thoroughly inspected. Network service and IP connections are manually tested for security weaknesses.

  • Absolutely. If you'd like to talk to someone, please call 1-800-437-0712 and choose Option 8. A SecurityMetrics representative will guide you on the steps you need to take to become PCI DSS compliant.

  • Millions of electronic credit card records are stolen every year and nearly all data losses are the result of hackers finding and exploiting relatively well-known and understood weaknesses (vulnerabilities) in websites, servers or networks. Breaches can also be the result of human error, e.g., lost laptops, inadvertent posting of data online, misplaced data, etc.

  • No. In fact, hackers and thieves know larger businesses typically have more resources to spend on data security systems, so they are more likely to target smaller merchants.

  • Yes, the credit card associations require processing companies and their customers to be PCI DSS compliant.

  • You will still be automatically enrolled and will be billed once a year. As a result, you may choose to cancel services with your other PCI provider.

  • Online questionnaires are no longer acceptable. For your protection, we require that a Qualified Security Assessor (QSA) verify your compliance with PCI DSS standards and certify that you have performed the appropriate self-assessment questionnaire. SecurityMetrics provides you with a source to do so.
