Compliance with Payment Card Industry Data Security Standards (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Overview
Accepting payment cards, whether in-store, online, or over the phone, means you are handling sensitive customer data. With this responsibility comes a mandatory obligation to comply with the Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS compliance is not just about avoiding penalties; it is about protecting your customers, your business, and your reputation. By following PCI DSS requirements, you demonstrate your commitment to security and responsible data handling.
To support our merchants with this payment card industry compliance requirement, the Bank has partnered with a third-party provider (GM Sectec) to develop a PCI Merchant Portal to simplify the compliance process.
To become certified, merchants must complete an online questionnaire which asks a series of questions to validate the processes within their business. It determines if card data is captured or stored and whether this is done in a manner that conforms to the requirements of major card brands. Based on your responses, more information may be required to ensure stringent protection of cardholders’ information before becoming certified.
How to get started with PCI DSS

Ensure you have the following information readily available before you start the certification process:
- Your Merchant ID (the 15-digit unique number provided by the bank when you were onboarded).
- Your Merchant Zip Code (enter as 00000).


How to get PCI Compliant
The process of getting certified is easy. Follow these steps:

1. You will receive a personalized email from First Citizens Bank advising of PCI DSS and the need for PCI DSS certification.

2. You will be directed to the GM Sectec portal via https://pciportal.gmsectec.com

3. Create an account. To log in, you will be required to enter your Merchant ID and Zip Code.

4. Upon successful login to the portal, you will be required to answer a few simple prescreening questions which determine the appropriate SAQ for your business.

5. The Self-Assessment Questionnaire (SAQ) will then be presented to you for completion and submission. Your answers determine whether your operations are compliant with international standards.

6. Upon the completion of the above steps, you will receive a notification confirming your certification. Please note that PCI certification is required annually. Look out for an email from the GM Sectec Merchant Portal reminding you to repeat this process prior to the expiration of your compliance certificate.
PCI DSS Merchant Portal FAQs
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard established by major card brands (e.g. Visa, MasterCard) to ensure that all entities handling payment card data maintain a secure environment.
Who needs to comply with PCI DSS?
All merchants that accept, process, store, or transmit credit or debit card data must comply with PCI DSS, regardless of size or transaction volume.
Why is PCI DSS compliance important?
Compliance helps protect cardholder data, maintain customer trust, and avoid penalties or the loss of card acceptance privileges.
What are the PCI DSS merchant transaction levels?
Merchants are categorized into four levels based on annual transaction volume. Level 1 handles over six million transactions, while Level 4 handles fewer than one million. Higher levels require more stringent validation, such as quarterly scans.
What is an SAQ?
A Self-Assessment Questionnaire (SAQ) is used by merchants to evaluate their PCI DSS compliance. The type of SAQ depends on how the merchant processes card data.
How often must an SAQ be completed?
All merchants must complete the SAQ annually. You will receive a notification when your next SAQ is due for completion.
What is a PCI DSS scan?
A PCI DSS scan is an external vulnerability scan of your website which checks that the systems handling payment card data have no known vulnerabilities.
What is required to complete the PCI DSS scan?
To complete the PCI DSS scan, you must have the public IP address of your website available. Simply enter the IP address on the merchant portal to initiate the scan.
How often is a PCI DSS scan required?
The PCI DSS scan must be completed quarterly, and merchants must have a PASS report each quarter to remain compliant with this requirement. Once you complete the initial scan you can schedule the quarterly scans for automatic completion via the merchant portal.
What happens if the PCI DSS scan is non-compliant?
If your scan is non-compliant, go to your Merchant Dashboard on the merchant portal, where you can review your results. Click on the scan remediation section of your dashboard to access the recommended steps to take. Once you have completed the recommended steps, you can run the re-scan.
Why should merchants comply with PCI DSS?
Merchants that comply with PCI DSS have processes and controls in place to reduce the risk of card data theft and fraud.
What happens if merchants are not compliant?
Non-compliance may result in fines, increased transaction fees, or suspension of card processing privileges. Merchants may also be liable for data breach investigation and remediation costs.
Do small businesses need to comply?
Yes, all merchants that accept card payments must comply.
How can merchants attain PCI DSS compliance?
Through the merchant portal, the PCI DSS compliance process is simple. To achieve compliance, the merchant certification portal will guide you through a few steps:
- Identifying your card environment.
- Completing your Self-Assessment Questionnaire.
- Fulfilling any other security requirements, such as vulnerability scanning.
Is there a cost for PCI DSS compliance?
No, access to the merchant portal and the PCI DSS certification is free of charge at this time.
Who can merchants contact if they encounter issues when completing the PCI DSS certification?
For assistance, merchants can contact the GM Sectec PCI DSS Help Desk via pcihelpdesk@gmsectec.com.
Alternatively, merchants can also contact the bank via posoperations@firstcitizenstt.com.
Where can I find more information on PCI DSS?
Visit the PCI Security Standards Council at www.pcisecuritystandards.org, or contact our Merchant Services team for more information via posoperations@firstcitizenstt.com.

