While there are many aspects to data security, protecting your business from a data breach starts with a good foundation. Businesses that complete PCI DSS compliance validation have not only taken the first steps in guarding against a costly breach event, but also protect themselves from card brand non-compliance fines, fees, and assessments for forensic investigations, fraudulent purchases, and the cost of re-issuing cards. Current card brand regulations and certain state laws place more responsibility on businesses to protect cardholder payment data. There are information security standards for organizations that store, process, or transmit payment card data called Payment Card Industry Data Security Standard (PCI DSS). Failure to meet established industry and regulatory data security standards can result in fines, fees, a loss of income, and negative brand perception.
There are four merchant levels for PCI DSS compliance:
Level 1: Merchants processing over 6 million card transactions per year.
Level 2: Merchants processing 1 to 6 million transactions per year.
Level 3: Merchants handling 20,000 to 1 million transactions per year.
Level 4: Merchants handling fewer than 20,000 transactions per year.
Level 1: Merchants processing more than 6 million credit or debit card transactions annually. Report of compliance must be conducted by an authorized Qualified Security Assessor (QSA), and must undergo an internal audit once a year. Additionally, once a quarter, they must submit to a network scan by an Approved Scanning Vendor (ASV).
Level 2: Merchants processing between 1 and 6 million card-present credit or debit card transactions annually. They’re required to complete an assessment once a year using a Self-Assessment Questionnaire (SAQ). Additionally, a required quarterly network scan must be provided by an ASV.
Level 3: Merchants processing between 20,000 and 1 million transactions annually. They must complete a yearly assessment using the relevant SAQ. Additionally, a required quarterly network scan must be provided by an ASV.
Level 4: Merchants processing fewer than 20,000 transactions annually, or those that process up to 1 million transactions. A yearly assessment using the relevant SAQ must be completed or other alternative validation exercise as defined by the acquirer and a quarterly quarterly network scan may also be required from an ASV.
Elavon’s PCI program offers up to $20,000 per incident per MID of breach assistance per Customer ID number if you are enrolled and have validated your PCI DSS compliance.
The online portal takes you step-by-step through the PCI DSS compliance validation process, including assistance with the PCI Self-Assessment Questionnaire (SAQ) and network vulnerability scanning (if applicable).
Access to valuable tips, information and best practices that make it easy to understand how you can safeguard your business and your customer payment data.
Access to Elavon PCI professionals when you need it. We have answers to your PCI DSS questions through online help, email, and phone.
We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7/365.