Providing customers with secure payment options not only gives them more incentive to patronize your business, it is also your responsibility. In fact, failure to protect cardholder data could cost your company thousands of dollars in fines, in addition to loss of business.
Rest assured, as a Chase merchant, you have a team of data security experts ready to advise you, keep you informed of data security requirements and offer suggestions on how our solutions can help you meet them.
All merchants that accept electronic payment cards are required to follow the payment brands' rules for protecting cardholder data. The brands have adopted a common set of requirements, referred to as the Payment Card Industry Data Security Standards (PCI DSS), which provide merchants with a unified approach to safeguarding sensitive data.
These requirements range from removing sensitive card data from your payment terminals and processing systems, to implementing data security policies for your employees.
The complete list of standards is available for download from the PCI Security Standards Council.
In addition, Visa®, MasterCard® and other payment brands have their own data security programs that require merchants to safeguard credit card processing data. You'll want to visit their websites to learn more about each payment brand's requirements.
Not all compliance reporting requirements are the same – they differ based on your merchant level, which is determined by your processing volume. Depending on your level, you may be required to validate and report your PCI DSS compliance to your acquirer. For example, merchants with higher volumes are required to work with qualified security assessors (QSAs), internal security assessors (ISAs) and approved scan vendors (ASVs). The chart below provides an overview of each reporting level.
Depending on your merchant level, you may be required to submit the relevant documentation to validate and report your PCI DSS compliance to Chase and the payment brands.
It's important to keep these points in mind:
| Merchant level | Criteria |
|---|---|
| 1 | Over 6 million Visa or MasterCard transactions in a 12-month period |
| 2 | Between 1 and 6 million Visa or MasterCard transactions in a 12-month period |
| 3 | Between 20,000 and 1 million Visa or MasterCard ecommerce transactions in a 12-month period |
| 4 | Less than 20,000 ecommerce or less than 1 million transactions with one card brand in a 12-month period |