In partnership with SecureTrust, Superior Financial Systems is providing
your business with the SFS PCI Program. This program features the SecureTrust
PCI program, which will help you easily approach your requirements for
the Payment Card Industry Data Security Standard (PCI DSS). Please take
a few moments to read through the information below, and then click on
the link at the end to begin the validation process.
Credit Card Acceptance at businesses – Understanding the Risk of
Theft and Fraud
Acceptance of credit cards for payment has grown exponentially at small
businesses across the US. Regardless of size, these businesses should
be aware of the risk for theft and fraud, and take action to combat this
by certifying with the industry standard for handling credit card data,
called the Payment Card Industry Data Security Standard (PCI DSS).
The PCI DSS is required for all businesses accepting credit cards.
What is PCI DSS?
The five major card networks (American Express, Discover Financial Services,
JCB, MasterCard Worldwide, and Visa Inc.) established the PCI DSS as a
set of requirements for businesses of all types to use when configuring
their IT and payment-processing environments. Understanding the requirements
is the first step. Some businesses will need IT support to ensure all
of the requirements are met prior to taking action to certify compliance.
(For additional information, please visit
www.pcisecuritystandards.org.) The 12 requirements are as follows:

- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security
parameters
- Protect stored data
- Encrypt transmission of cardholder data and sensitive information across public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
What does a business need to do to certify PCI DSS Compliance?
There are two components required to validate or "prove" that
a business has achieved PCI DSS compliance certification:
- Self-Assessment Questionnaire: All businesses are required to self-assess
their IT and payment processing environment using the appropriate PCI
Self-Assessment Questionnaire (SAQ). Please see the PCI Security Standards
site for examples of the four questionnaires,
www.pcisecuritystandards.org.
- Vulnerability Scanning: Depending on how you process payments and on your Internet
connection, network vulnerability scanning may also be required. (This
step requires an Approved Scanning Vendor (ASV). The list of ASVs can
be found at
https://www.pcisecuritystandards.org/qsa_asv/find_one.shtml)
The questionnaire and the scanning will help identify if any weaknesses
or vulnerabilities exist in the network. These issues must be fixed before
PCI DSS certification can be achieved.
Certification with PCI DSS is achieved with both a compliant, passing questionnaire
and, if necessary for your business, compliant, passing vulnerability
scanning. There are many tools available in the marketplace to help businesses
achieve these steps easily. Your business may have been automatically
enrolled in PCI DSS programs by your bank, processor or acquirer. If you
are unsure if you are PCI DSS compliant or enrolled in a program, please
call your payment processing provider.
How to get started:
We have partnered with SecureTrust (www.securetrust.com), a leading provider of compliance and information security to the payment
industry, serving merchants of all sizes, with QSAs on staff that are
experts in call center compliance. SecureTrust is both an Approved Scanning
Vendor and a Qualified Security Assessor, and is certified to validate
organizations' compliance with the PCI DSS. SecureTrust's PCI
program will guide you to complete the required steps for your business,
as explained above. As part of your welcome kit when you first sign up
with SFS, we provide login information for your new SecureTrust PCI program
compliance account. Please make sure to review your welcome emails for
the URL and login information, and complete your validation within 30
days of being approved for your new merchant account. You can click on
the link below to access the login page, and if you need any assistance
with your login credentials, call Customer Support at 866.601.2733, during
normal business hours.