PCI DSS Compliance Requirement
The payment brands (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.) have mandated that all merchants who store, transmit or process cardholder information maintain compliance with the PCI DSS. As your service provider, Kotapay takes the protection of customer and payment account data very seriously.
We understand the risks and financial costs a compromise can pose to your business. In support of this important mandate, we require all of our merchants to validate their PCI DSS compliance status. To help make the process as convenient as possible, we're providing the following documents:
Frequently Asked Questions about PCI Compliance Validation
What is PCI DSS?
Is PCI DSS new?
- MasterCard: Site Data Protection (SDP) program
- Visa: Cardholder Information Security Program (CISP)
- Discover Network: Discover Information Security & Compliance (DISC)
- American Express: Data Security Operating Policy
I only process a few hundred dollars a month. Does my merchant account still need to be PCI compliant?
I already use a "PCI compliant" terminal/gateway. Doesn't that mean I am PCI compliant?
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Can I choose not to certify for PCI compliance?
How long is the PCI compliance certification valid?
What if I have already been certified or choose to certify through another Qualified Security Assessor (QSA)/Approved Scanning Vendor (ASV)?