Credit Cards Security Requirements
The Payment Card Industry, including MasterCard and Visa, requires banks, online merchants and Member Service Providers (MSPs) to protect cardholder information by adhering to a set of security standards. The Payment Card Industry security standard (PCI) includes MasterCard’s Site Data Protection (SDP) program and Visa’s Cardholder Information Security Program (CISP).
Beginning June 30, 2005, MasterCard and Visa will require all online merchants processing over $125,000 in credit card transactions per month or more than 20,000 credit card transactions per year to complete a quarterly network scan and an annual compliance questionnaire. All merchants and service providers with external-facing IP addresses that meet these parameters must comply. Even if an organization does not offer Web-based transactions or e-commerce, there are other services that make systems Internet-accessible, and such organizations must therefore comply.
Failure to comply with these security standards may result in fines, restrictions or permanent expulsion from card acceptance programs.
Note: Visa will accept network scans performed by partners that are certified by the MasterCard SDP program.
The requirements outlined by the Payment Card Industry oblige online merchants and service providers to complete two security evaluation steps:
- Complete the Payment Card Industry Self-Assessment questionnaire
- Use a Network Assessment Scanning Tool, like the one provided by SOS Security, to measure and eliminate security threats associated with electronic commerce.
SOS Security works with all of the leading credit card companies, working alongside our partners to provide the right solution for you.