PCI Highlights for ISOs and Financial Institutions

At Clearent, our goal is to help you grow your merchant portfolio. One way we do this is by creating awareness and providing education on the key issues your merchants face.

The Payment Card Industry (PCI) Data Security Standard (DSS) is one of these issues. The PCI DSS was created to help protect cardholder data that is processed, stored or transmitted by merchants. All merchants that accept card payments, regardless of size, must comply with the PCI DSS.

In addition to creating awareness and education around the PCI DSS, Clearent is also simplifying the compliance process for merchants. Clearent has developed easy-to-understand merchant self-assessment questionnaires that make compliance simpler and less time-consuming (the questionnaires are available to Clearent merchants only). And, because Clearent’s technology was designed around PCI, merchants can feel confident that they have a strong partner who will protect both their business and their customers.

The following information provides a high-level review of the steps merchants accepting payment cards should take to help achieve compliance and minimize potential loss:

PCI Data Security Standard

Protect Cardholder Data

  • Make sure all receipts truncate the cardholder’s account number (PAN), printing no more than the last four digits.
  • Protect stored data, including electronic data, your customers’ sales slips and your receipts.
  • Store copies of all sales receipts in a secure manner.
  • If you destroy sales receipts, make sure they are unreadable.
  • Give the carbon copy of the sales receipt to your customer.
  • Encrypt transmission of cardholder data and sensitive information across public networks.
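The receipt-truncation point above is one of the few on this list that can be checked mechanically. The following is an added example, not Clearent’s code or any PCI-provided tool: it masks a PAN down to its last four digits while preserving the receipt’s digit grouping, refuses to print anything that is not a plausible PAN, and scans finished receipt text for any full PAN that slipped through. It assumes PANs of 13 to 19 digits, optionally separated by spaces or dashes, and uses the well-known Visa test number 4111 1111 1111 1111 in a constructed sample receipt.

```python
"""PAN truncation for receipts plus a check that nothing unmasked slipped through.

Added example, not Clearent's code. Assumes PANs are 13 to 19 digits,
optionally grouped with spaces or dashes, and that the customer copy may
show at most the last four digits.
"""
import re


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test; rejects strings that are not a plausible PAN."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(raw: str, keep: int = 4) -> str:
    """Return the PAN with every digit except the last `keep` replaced by '*'.

    Grouping characters (spaces, dashes) are kept so the receipt layout does
    not change. An implausible PAN raises instead of being printed in the clear.
    """
    digits = re.sub(r"\D", "", raw)
    if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("not a plausible PAN; refusing to print it")
    masked = iter("*" * (len(digits) - keep) + digits[-keep:])
    return "".join(next(masked) if ch.isdigit() else ch for ch in raw)


# 13-19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer run of digits.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_unmasked_pans(receipt_text: str) -> list[str]:
    """Return every substring of the receipt that looks like a full, Luhn-valid PAN.

    An empty list means nothing of PAN length that passes the Luhn check
    was printed in the clear; dates, auth codes and order numbers are too
    short to match.
    """
    hits = []
    for m in _PAN_CANDIDATE.finditer(receipt_text):
        if luhn_valid(re.sub(r"\D", "", m.group())):
            hits.append(m.group())
    return hits


# Constructed sample receipts (assumed layout) using the Visa test PAN.
RAW_PAN = "4111 1111 1111 1111"
GOOD_RECEIPT = (
    "EXAMPLE CAFE\nDate: 2024-05-01  Order: 10234\n"
    f"VISA {truncate_pan(RAW_PAN)}\nAUTH 012345\nTOTAL $12.50\n"
)
# Same receipt with the PAN printed in full, i.e. the mistake the check catches.
BAD_RECEIPT = GOOD_RECEIPT.replace(truncate_pan(RAW_PAN), RAW_PAN)

if __name__ == "__main__":
    print(GOOD_RECEIPT)
    print("unmasked PANs in good receipt:", find_unmasked_pans(GOOD_RECEIPT))
    print("unmasked PANs in bad receipt: ", find_unmasked_pans(BAD_RECEIPT))
```

Run `find_unmasked_pans` over the text actually sent to the printer (or stored as the merchant copy), not over the template, since the leak usually comes from a field that was never routed through the truncation step. The Luhn filter keeps long order or invoice numbers from being flagged in most cases, but a one-in-ten number will pass it by chance, so treat a hit as something to inspect rather than proof of a breach.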

Build and Maintain a Secure Network

  • Install and maintain a firewall configuration to protect data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters; set your own unique passwords and never share them with anyone.

Maintain a Vulnerability Management Program

  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

  • Restrict access to cardholder data to those who need it for a business purpose.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

  • Track and monitor all access to any network resources and cardholder data.
  • Regularly test security systems and processes.

Maintain an Information Security Policy

  • Maintain a policy that addresses information security.