Welcome to the SFS PCI Program!

In partnership with SecureTrust, Superior Financial Systems is providing your business with the SFS PCI Program. This program features the SecureTrust PCI program, which will help you easily approach your requirements for the Payment Card Industry Data Security Standard (PCI DSS). Please take a few moments to read through the information below, and then click on the link at the end to begin the validation process.

Credit Card Acceptance at businesses – Understanding the Risk of Theft and Fraud

Acceptance of credit cards for payment has grown exponentially at small businesses across the US. Regardless of size, these businesses should be aware of the risk for theft and fraud, and take action to combat this by certifying with the industry standard for handling credit card data, called the Payment Card Industry Data Security Standard (PCI-DSS). The PCI DSS is required for all businesses accepting credit cards.

What is PCI DSS? The five major card networks ((American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa Inc.) established the PCI DSS as a set of requirements for business of all types to use when configuring their IT and payment-processing environments. Understanding the requirements is the first step. Some businesses will need IT support to ensure all of the requirements are met prior to taking action to certify compliance. (For additional information, please visit www.pcisecuritystandards.org.) The 12 requirements are as follows:

1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored data
4. Encrypt transmission of cardholders data sensitive information across public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

What does a business need to do to certify PCI DSS Compliance?: There are two components required to validate or "prove" that a business has achieved PCI DSS compliance certification:

1. Self-Assessment Questionnaire: All businesses are required to self-assess their IT and payment processing environment using the appropriate PCI Self -Assessment Questionnaire (SAQ). Please see the PCI Security Standards site for examples of the four questionnaires, www.pcisecuiritystandards.org.
2. Vulnerability Scanning: Depending on how you process payments and the Internet connection, network vulnerability scanning may also be required. (This step requires an Approved Scanning Vendor (ASV). The list of ASVs can be found at https://www.pcisecuritystandards.org/qsa_asv/find_one.shtml)

The questionnaire and the scanning will help identify if any weaknesses or vulnerabilities exist in the network. These issues must be fixed before PCI DSS certification can be achieved.

Certification with PCI DSS is achieved with both a compliant, passing questionnaire and if necessary for your business, compliant, passing compliant vulnerability scanning. There are many tools available in the marketplace to help businesses achieve these steps easily. Your business may have been automatically enrolled in PCI DSS programs by your bank, processor or acquirer. If you are unsure if you are PCI DSS compliant or enrolled in a program, please call your payment processing provider.

How to get started:
We have partnered with SecureTrust (www.securetrust.com), a leading provider of compliance and information security to the payment industry, serving merchants of all sizes, with QSAs on staff that are experts in call center compliance. SecureTrust is both an Approved Scanning Vendor and a Qualified Security Assessor, and is certified to validate organizations' compliance with the PCI DSS. SecureTrust's PCI program will guide you to complete the required steps for your business, as explained above. As part of your welcome kit when you first sign up with SFS, we provide login information for your new SecureTrust PCI program compliance account. Please make sure to review your welcome emails for the URL and login information, and complete your validation within 30 days of being approved for your new merchant account. You can click on the link below to access the login page, and if you need any assistance with your login credentials, call Customer Support at 866.601.2733, during normal business hours.