PCI DSS standards keep credit card data secure.
Businesses that process credit cards must comply with Payment Card Industry Data Security Standard (PCI DSS). These standards help ensure data security over the course of financial transactions. PCI standards are part of cyber security controls designed to keep credit card numbers secure from a data breach.
For collection agencies, PCI DSS Attestation is an ongoing part of the cyber security standards that these firms should constantly maintain. As one of the largest collection agencies in the nation, TSI’s commitment to data security extends to PCI standards – but this is just one component of our full commitment to cyber security.
This article focusing on PCI Attestation is the third in a series that explains the details of TSI’s efforts at ensuring cyber security and protection of our client’s information. In the first article we took a look at HIPAA compliance and in article two we did a deeper dive on FISMA compliance.
What is PCI Compliance and why is it Important?
The PCI Security Standards Council sets the data security standards for all entities that store, process of transmit credit cardholder data (CHD) and/or sensitive authentication data (SAD). PCI stands for Payment Card Industry, and the council is governed by some of the big name creditors, including American Express, Discover, MasterCard, and Visa.
These vendors work together to establish a training and certification methodology to help keep data safe during credit card transactions. They even certify the hardware that processes payments.
But it’s even more complicated; each of these individual credit card vendors also has individual PCI compliance programs to protect their payment networks. The standards typically encompass the people, processes, and policies that have to do with credit card transactions.
TSI meets — and exceeds — PCI compliance rules for data security.
There are four levels of PCI compliance related to the volume of credit cards processed:
- Level 1 – process more than 6 million MasterCard and Visa transactions annually.
- Level 2 – transact 1 to 6 million-credit transactions each year.
- Level 3 – process 20,000 to 1 million e-commerce payments annually.
- Level 4 – process less than 20,000 Visa or MasterCard e-commerce payments and all other companies clearing up to 1 million Visa transactions annually.
The PCI governing body regularly audits these standards and failure to comply with these regulations can saddle a vendor with stiff fines and penalties.
TSI, Data Security, and Your Business
If you’ve been reading about some of the successful exploits by hackers this year, you already realize that cyber security must evolve as new threats emerge. TSI concentrates our cyber security efforts on maintaining network defenses by counteracting any vulnerability in response to the latest threats. This is an ongoing process of testing for weaknesses and then creating security upgrades to shore up the areas that could potentially lead to a breach. We also create policies and procedures that control access and regularly audit and revise these rules for compliance.
All of our efforts have led TSI to receive the highest level of PCI compliance possible: the DSS 3.2 Service Provider Level 1 Attestation. This is the same level of data security compliance that banks, credit card companies, and other financial institutions maintain. The standards dictate stronger security controls and frequent assessments, transparency in our processes, and multi-factor authentication for any employees handling card data.
TSI’s commitment to cyber security extends beyond PCI compliance. Our company owns a secure payment technology platform that allows us to process payments securely in multiple ways: from checks and ACH to payments made on our website and by phone.
It’s all part of our ongoing commitment to a line of digital services that are as fast and efficient as they are secure.
Trust your receivables to an organization that takes great care to protect your data and therefore your brand. Contact us today.