Understanding PCI Compliance for FusionPay Customers
- As a FusionPay customer, you are responsible for securely storing, processing, and transmitting cardholder data.
- The PCI Data Security Standard (PCI DSS) is developed and maintained by the PCI Security Standards Council to provide a set of requirements for the prevention, detection and reaction to cardholder data security breaches that could affect a business.
- To become PCI compliant, a business needs to implement and maintain a series of requirements that create a secure payments environment, protecting your customers and maintaining privacy for their payment card data.
- To certify compliance, complete a Self-Assessment Questionnaire (SAQ) and provide an Attestation of Compliance (AOC) annually.
FusionPay is backed by PaySimple. PaySimple is a Level 1 PCI DSS certified Service Provider. PaySimple cannot certify a FusionPay customer as compliant. You must individually certify PCI Compliance with your credit card processing company directly.
PCI Compliance Levels
To become PCI compliant, your business needs to implement and maintain a series of requirements that create a secure payment environment, protecting your customers and maintaining privacy for their payment card data. To certify compliance, most merchants (except extremely large ones) must complete a Self-Assessment Questionnaire (SAQ) and provide an Attestation of Compliance (AOC) annually.
The size of your business and the number and type of transactions you complete each year determine the level of compliance you must maintain and the complexity of the SAQ you must complete. Overall, there are four levels of PCI compliance.
Small businesses processing fewer than 1 million transactions per year are considered Level 4 merchants, as long as fewer than 20,000 of those transactions are classified as e-commerce (your customers enter transactions themselves on a website). If your credit card processing exceeds those levels, your business falls into a higher compliance level.
How you process your transactions is also important. There are different types of SAQ for merchants who process exclusively card-not-present MOTO (mail order/telephone order) transactions, e-commerce (web) transactions, card-present POS (Point of Sale, this includes using a swipe device on a mobile phone or tablet) transactions, or a combination of the three.
Certifying as PCI Compliant
How do I certify that we are compliant?
Maintaining PCI DSS (Payment Card Industry Data Security Standard) compliance is an industry-regulated requirement for all merchants accepting credit card payments. As a FusionPay customer, your credit card merchant account is through Worldpay, so you’ll use their partner portal online to make sure you’re in compliance. Simply using the FusionPay by PaySimple system for your credit card processing takes care of most of the PCI requirements. However, we can’t certify PCI Compliance for you. Continue reading to learn how to certify PCI Compliance for your business.
To access Worldpay’s PCI tool follow these steps:
Go to pci.worldpay.com and complete the sign-in process. If you need help logging in, please contact our dedicated PCI Support Team, Sysnet, by calling 833.534.8422 or emailing firstname.lastname@example.org.
If it's your first time logging in, follow the First sign-in prompt.
Most businesses can complete the process in about 10-20 minutes. You have the option to stop and save your progress at any time.
PCI Program Benefits
- The Worldpay PCI program provides your business with an electronic solution to attest to your annual PCI status, providing you with the ability to perform vulnerability scans if necessary.
- With access to pci.worldpay.com, you can review your compliance status and annual renewal date at any time.
- Upon completion of PCI, you’ll have access to a validation certificate you can show your customers to demonstrate that you take the security of their credit card information seriously.
- If you have successfully validated your compliance with the PCI DSS through the PCI Program, in the event of a verified card data security breach, Worldpay will waive up to $50,000 of your liabilities for:
  - Costs associated with mandatory Card Brand audits conducted if a breach occurs
  - Fines assessed as a result of Card Brand audit findings following a breach
  - Costs associated with credit card replacement for compromised card numbers.
Maintaining PCI Compliance
How do I maintain PCI Compliance?
- Only process credit cards using a PCI Compliant Service Provider or PCI Approved Software.
- Always protect cardholder data. This means:
  - Encrypting ANY electronic storage of full credit and debit card numbers.
  - Any paper document containing a full credit card number must be kept in a secure location (locked file drawer/safe) when not in use.
  - Only employees with a business need should have access to credit card numbers.
  - Prohibit sharing of User IDs and Passwords and use of Group User accounts.
  - Require strong passwords (7+ alpha-numeric characters) for all system access.
  - Immediately disable access for all terminated employees.
- Secure all your business computers by installing and activating personal firewalls and anti-virus/anti-malware software and disabling all generic or default User accounts and passwords.
- Create a security policy for your business that addresses all aspects of the PCI DSS.
PCI Program Costs
What does PCI cost me?
- New customers have 60 days to become compliant. After 60 days they are charged a non-compliance fee.
- If you do not achieve compliance, Worldpay will assess a monthly non-compliance fee of $59.95 until you've met this requirement.