• PCI Compliance
  Made Easy
• PCI Highlights for Merchants
• PCI Highlights for ISOs
  and Financial Institutions

Additional PCI Resources

• RSPA YouTube Video
• PCI Security Standards Council Website
• Better Business Bureau Data Security Microsite

Approved Third-Party Providers

If you currently use a third-party provider, please click here to make sure they are PCI compliant. If your provider does not appear on this list, you should request a copy of their PCI compliance letter.

PCI Highlights for Merchants

What is PCI and Why is it Important

The Payment Card Industry (PCI) Data Security Standard (DSS) was created to help protect cardholder data that is processed, stored or transmitted by merchants. All merchants—regardless of type or size—that accept payment cards must comply with the PCI DSS.

By complying with this standard, you can help minimize the opportunity for loss and related fees that can result from a data breach. However, understanding what these standards mean to your business and what you need to do to bring your business into compliance can be confusing and overwhelming.

How Clearent Can Help

Minimizing the confusion and simplifying PCI compliance is where Clearent comes in. As your payment processing provider, we are committed to giving you the clarity, education and support you need to achieve compliance and safeguard your business and the confidence of your most valued asset—your customers.

Simplified PCI self-assessment questionnaires have been designed specifically for Clearent merchants. If Clearent is your merchant services provider, you are required to complete and submit a PCI questionnaire.

Once Clearent receives your completed questionnaire, we will review the results and contact you with your compliance status. If a merchant is not compliant, Clearent will provide the information and support needed to bring their business into compliance.

Key Standards for All Merchants

Whether you’re a merchant that processes with Clearent today or not, there are several key areas all merchants should address in their business practices. The following information is a high-level review of these areas:

PCI Data Security Standard

Protect Cardholder Data	Make sure all receipts truncate the cardholder’s account number. Protect stored data, including electronic data, your customers’ sales slips and your receipts. Store copies of all sales receipts in a secure manner. If you destroy sales receipts, make sure they are unreadable. Give the carbon copy of the sales receipt to your customer. Encrypt transmission of cardholder data and sensitive information across public networks.
Build and Maintain a Secure Network	Install and maintain a firewall configuration to protect data. Do not use vendor-supplied defaults for system passwords and other security parameters—create your own unique password(s) and never give it to anyone.
Maintain a Vulnerability Management Program	Use and regularly update anti-virus software. Develop and maintain secure systems and applications.
Implement Strong Access Control Measures	Restrict access to data to only those that need to know it for a business purpose. Assign a unique ID to each person with computer access. Restrict physical access to cardholder data.
Regularly Monitor and Test Networks	Track and monitor all access to any network resources and cardholder data. Regularly test security systems and processes.
Maintain an Information Security Policy	Maintain a policy that addresses information security.