Understanding PCI

What is PCI?

PCI, short for PCI-DSS, stands for Payment Card Industry Data Security Standards. PCI-DSS provides information security standards for all organizations that collect, process, and store credit card data. 

Why do I have to comply with PCI standards?

Any merchant that accepts credit and debit cards electronically, regardless of the type of system they use, must follow the card brands' rules regarding security. PCI-DSS states that protecting cardholder data is the responsibility of every merchant. The adopted common standards of PCI-DSS provide merchants with unified guidelines on safeguarding sensitive data.

PCI-DSS compliance requirements range from ensuring no sensitive card data is stored on your systems to following data security policies.

Where can I find a copy of the PCI-DSS standards?

The complete list of standards is available for download from the PCI Security Standards Council.

What is our relationship with Security Metrics?

As your Acquiring Bank, we provide you with a merchant account to process credit card payments. As part of our responsibilities to the card brands, we must ensure that every merchant is compliant with PCI-DSS. To make the process as easy as possible, we have partnered with Security Metrics, a security firm with deep expertise in PCI-DSS, to assist you with the process of validating compliance.

What services does Security Metrics offer?

Our agreement with Security Metrics includes three services; the first two services are included with your merchant account at no additional cost.

  1. Scoping Questionnaire - The scoping questionnaire is a series of questions that determines which Self-Assessment Questionnaire, or SAQ, you will need to complete.
  2. Online SAQ form 
  3. Scanning - A scanning service will be offered if the scoping questionnaire indicates that system scanning is needed.

All results are transmitted automatically from Security Metrics to us. We will submit your SAQ and Scan (if applicable) results to the card brands on your behalf.

I already am compliant with PCI-DSS and can provide the attestation of compliance to Maast.

You are not required to use the Security Metrics service. You can use any vendor of your choosing. If you choose to use another vendor, please send a copy of your most recent scan results and SAQ to our support team.

I have a merchant account. How do I contact Security Metrics to start the PCI validation process?

If you need to contact Security Metrics, our Customer Support Team will be able to assist you.