a PCI-DSS compliant service provider
What is PCI-DSS?
PCI-DSS stands for Payment Card Industry (PCI) Data Security Standard (DSS). PCI-DSS is the industry security standard resulting from a cooperative effort between VISA and MasterCard to establish a single approach to safeguarding sensitive data for all card brands.
What is CISP and how is it related to PCI-DSS?
CISP stands for Cardholder Information Security Program. Initially mandated in June of 2001, the purpose of the program was to protect VISA cardholders’ data. In 2004, CISP requirements were incorporated into PCI-DSS, which prevailed as the industry standard for cardholder data security.
What is the purpose of PCI-DSS?
The principal objective of the requirements imposed by PCI-DSS is to protect cardholder data wherever it resides.
Who is affected by PCI-DSS?
PCI-DSS is required of all merchants and service providers that process, store, transmit or otherwise handle cardholder data.
Why should I care?
The VISA Acquiring member (the financial institution that sponsored you as a merchant) is responsible for ensuring that its merchants use only PCI-DSS compliant service providers. Because VISA members (issuers and acquirers) are responsible for any liability that may occur as a result of non-compliance, your business’s ability to get, or keep, a merchant account will depend directly on the compliance level of the service providers you use.
Are certain payment channels exempt from PCI-DSS requirements?
None are exempt. All payment channels that accommodate card payments are subject to PCI-DSS compliance.
Are there levels of PCI-DSS compliance?
Yes. There are three levels of compliance.
Which level of compliance should I look for in a service provider?
Level 1 is the highest level of compliance, imposing the most stringent data security requirements upon service providers and payment gateway providers. Ongoing best practices are enforced by quarterly network security scans and annual on-site PCI Data Security Assessments performed by a third-party Qualified Security Assessor.
Which Service Provider Level is Autoscribe, provider of Payment Vision Gateway Svcs?
Autoscribe is Service Provider Level 1.
How can I know which vendors and service providers are PCI-DSS compliant?
Download the current list of PCI-DSS compliant service providers from the VISA site: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf