Introduction to PCI
Data security has become a primary consideration for every business that accepts credit and debit cards for the payment of goods or services. To promote the security of the credit and debit card payment systems, the major card brands established the Payment Card Industry Council (PCI) to oversee its Data Security Standards (DSS).
Merchants of all sizes must ensure that cardholder data is protected from a security breach. A typical breach costs a small business merchant $25,000 – $50,000, but can run much higher depending on the number of cards compromised. To protect cardholder data and mitigate financial exposure, it is imperative that all merchants validate and demonstrate PCI-DSS compliance.
Elavon’s PCI Compliance Program takes a comprehensive approach to help your business securely manage cardholder data and ensure compliance, while protecting your reputation and your bottom line. Elavon’s program is focused on three key areas:
- Education – materials and information to help you understand PCI-DSS compliance
- Validation – tools to help you validate and demonstrate compliance and protect your business
- Financial Protection – programs to mitigate your financial exposure should a breach occur
Protection begins the day you start as an Elavon merchant. Please review the materials contained in this pamphlet and you’ll be on your way to establishing a secure processing environment.
NOTE: Compliance validation certification must be renewed annually. Non-compliance may result in additional fees. Refer to your merchant application for terms and associated fees and fines.
Secure Your Business
All merchants are required to comply with PCI-DSS and all payment applications must be certified and validated annually. New merchants have ninety (90) days from merchant application approval to validate compliance. Existing merchants will be notified annually regarding recertification requirements. Non-compliance may result in additional costs and expenses.
To help protect your business, Elavon’s PCI Compliance Program makes learning about PCI and validating compliance simple:
- Visit our PCI website, http://pci.elavon.com, for PCI education and tips on protecting cardholder data. You’ll find an overview of PCI, a comprehensive list of Frequently Asked Questions (FAQ), and links to industry resources. You can also access our Visa® and MasterCard® accredited Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV).
- Choose your payments environment online and access a portal to complete the annual Self-Assessment Questionnaire (SAQ), a validation tool that helps you meet compliance requirements.
- Complete the SAQ filing with assistance from our ASV that provides POS/PMS system scanning software and services to validate compliance, produce the required transaction analysis reports, and help you understand the requirements.
- Contact our dedicated Elavon PCI customer support line for answers to your questions and guidance throughout the validation process.
NOTE: If you have already validated compliance with an approved Qualified Security Assessor, you do not have to re-certify through Elavon, but you must submit your certificate of validation within ninety (90) days to avoid potential non-compliance fees. In addition, to take advantage of discounted annual fees for businesses with multiple points of sale, you must ensure that your merchant profile details are up to date with Elavon.
Protect Your Bottom Line
Even with PCI validation in place, your business could be exposed to a security breach. In the event of a breach, costs and expenses can quickly add up. These include, but are not limited to: payment network fines and assessments, forensic fees associated with a compliance audit of your business environment, merchant notification mailing costs, and legal fees.
We understand the time and financial commitment you make to stay PCI compliant, and we recognize that your efforts warrant a level of financial protection for your business.
That’s why our PCI Compliance Program goes the extra mile. At Elavon, we extend financial support when you need it most. Depending on your level of PCI Compliance, you can count on Elavon to help your business mitigate those expenses.
- Elavon merchants with PCI validation confirmed through Elavon’s PCI Compliance Program partner may receive financial coverage up to $100,000 per incident.
- Elavon merchants with PCI validation not provided through Elavon’s PCI Compliance Program partner may receive financial coverage up to $50,000 per incident.
- Non-compliant Elavon merchants may receive up to $10,000 per incident.
NOTE: Elavon’s program covers certain payment network fines and the cost of a forensic audit up to your eligible amount of coverage. Other costs (e.g., legal costs, chargebacks, cardholder notification, system upgrades) may vary by incident and state and are not covered under the program.
Data Breach
In the event that your business experiences a data breach, Elavon may be contacted by the involved payment networks. We will then contact you, communicate the extent of exposure from the attack, and assist you through the necessary steps to protect your business. We’ll put you in touch with Qualified Forensic Investigators who will conduct a thorough examination of your payment environment to identify the systems and/or processes that resulted in the security breach and recommend additional steps you should take to protect your business and your reputation.
As a part of Elavon’s compliance program, certain payment network fines, fees, and assessments associated with each compromise incident will be retained by Elavon and may not be passed on to you, depending on your level of available coverage. Elavon will also reimburse you for the incurred costs of a comprehensive forensic audit performed by a QSA up to your level of available coverage.