Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard, also known as PCI DSS, is the industry-mandated security requirement for all merchants that process, transmit or store credit card information. There are 12 core requirements that expand into roughly 250 controls. Merchants can use the Council-supplied Self-Assessment Questionnaire as a compliance validation guideline and tool.
Merchant PCI Levels
The Council divided up the nation’s 7 million merchants into 4 levels depending on annual transaction volume. Nearly 6 million of the nation’s merchants fall into Level 4, which includes those doing 20,000 or fewer ecommerce transactions or up to 1,000,000 annual card-present transactions. The transaction count is not the total across all cards; rather, it is the largest count for a single card type, which is nearly always Visa.
Merchant Credit Card Breaches
The Council introduced the PCI Data Security Standard as a response to a number of high-profile breaches in which hundreds of thousands and even millions of credit card records were stolen. The rampant fraud and consumer identity threat were undermining the value of debit and credit card use and bank interchange revenue, so the Data Security Standard was created to counter the vulnerabilities.
Credit Card Information Storage
The PCI Data Security Standard prohibits the storage of certain credit card information such as the CVV2, CVC2 and CID (three and four digit numbers), PIN information and magnetic stripe data. If stolen, this information can be used to create a fraudulent credit card. Merchants can, however, store cardholder name, number, expiration date and service code. If the account number is stored, it needs to meet the Data Security Standard encryption requirements.
Credit Card Data Security
A number of recent high-profile breaches have demonstrated that compliance does not equal security. Even merchants that previously achieved compliance are getting breached and facing the business, financial and PR consequences that follow. With Braintree, even if a merchant were to be breached, there is no credit card information present in the merchant environment to be stolen.
Achieving PCI DSS Compliance
Achieving PCI Compliance can be a complicated and arduous task. Most merchants are finding it similar to the iceberg effect, where it will always cost more money, require more resources and be more complicated than anticipated.
Merchants are increasingly turning to Braintree, where our solutions entirely eliminate the handling, processing and storage of credit card information from a merchant environment without changing the user experience or losing any control over the credit card information. Merchants can achieve compliance in as few as 60 days by integrating our platform-agnostic web service.
Comprehensive Payment Processing Solutions
In addition to our PCI Compliance focus and specialty, we offer a full range of products and services to provide merchants with a single solution for all payment processing needs:






