Frequently Asked Questions

What is PCI DSS?

PCI stands for "Payment Card Industry" and DSS stands for "Data Security Standards". PCI DSS regulations are mandated by the Security Council. The Security Council is controlled by the Card Brands: Visa, MasterCard, Discover, and others. Full details of PCI DSS can be found on the Security Council's website at

What are my requirements as a merchant?

The extent of your PCI DSS requirements is determined by the level to which you belong. This determination begins with how many transactions are processed per year, combined with how the credit card transactions are taken. Currently, merchants are categorized into 4 levels for PCI DSS (defined further in these FAQs).

What are the 4 merchant "levels" for PCI DSS?

The PCI DSS requirements vary depending on which level your merchant account falls into. Currently the PCI DSS is divided into 4 levels: a level 1 merchant processes more than 6 million transactions per year; a level 2 merchant processes more than 1 million transactions per year; a level 3 merchant is an internet sales (ecommerce) merchant that processes more than 15,000 transactions per year; finally, level 4 merchants are everyone else. Most merchants are level 4.

What is completed during my set-up?

Our Web Portal is a "vanilla shell", meaning we can customize it with your colors, logos, and other attributes to your specifications. We can help larger entities build a completely customized site if desired, or integrate with an existing website using an API.

How is the program communicated to my merchants?

PCI Compliance, LLC will never contact your merchants directly or indirectly for any reason, nor would we share any information with any third party. Release of information specific to your portfolio is controlled by your ISO. All communication is done through your organization at its expense. Some good options include statement messages, statement inserts, email blasts, and direct calling, especially to your merchants requiring scans.

How long does it take to set up a new ISO account?

Our portals can be established and up and running within the same business day in most instances.

How do I get billed?

You can choose either monthly or annual billing. We recommend you make this decision based on how you intend to bill your portfolio (merchants). If you bill PCI DSS fees annually, then it might be easiest on cash flows to bill with us on an annual basis as well. Many ISOs like the annual option so their merchant base is not seeing the costs of PCI printed each month when they read their processing statement. Other ISOs are choosing to absorb the costs as an additional monthly or on-account fee, and either not specifically pass any new fees to the merchants or charge a nominal monthly fee. The choice is yours!

Does PCI Compliance, LLC provide technical support?

Yes: we provide escalated support for SAQs and full support directly for all Scan Merchants via our Approved Scan Vendor (ASV). Our standard pricing requires your organization to provide the first tier of support; however, we are available directly for escalated support. We can provide a turn-key full support option for a nominal additional fee on top of our standard pricing.

What does PCI DSS focus on?

PCI DSS focuses on the protection of cardholder data throughout the transaction process, whether in a retail environment, over the internet, or anywhere in between. The payment card industry is more diverse today than ever. Each day, new payment applications expand the ways consumers can use credit cards to purchase goods and services.

What are my requirements as an ISO or Financial Institution?

Keep in mind that the general idea of the Security Council regarding PCI DSS is to provide a platform where the Card Brands can reach across the layers of entities (Banks, Processors, ISOs, and Sales Representatives) to communicate directly with the merchant. The requirement of the ISO is to provide the self-administered tool set to the merchant; that is all. The tools must give the merchant the ability to complete their PCI DSS steps, which include the Self-Assessment Questionnaire (SAQ) and a Scan provided by an Approved Scan Vendor (ASV). By providing the merchant with access to these tools, the ISO has gone a long way toward fulfilling its role in PCI DSS.

What roles does PCI Compliance, LLC play in the market?

PCI Compliance has a proprietary web-based portal which delivers solutions for level 3 and level 4 merchants. Both the SAQ and Scan Engines are handled within this customizable portal. We provide the ISO, Bank, or Processor a fully branded option to deliver PCI DSS solutions to their merchant base.

What sets PCI Compliance, LLC apart from the competition?

Our portal and pricing models are revolutionary in how they are constructed. We are priced generally well below our closest competitor. We offer unsurpassed service and support with more than 200,000 merchants that have been loaded to our portal.

Who are PCI Compliance, LLC's customers?

We design our products at the wholesale level and sell directly to the ISO, Bank, or Processor. These entities are our clients, as they provide the portal to their portfolio (merchant list) and resell our customized Web Portal services (usually at a mark-up); therefore we are usually a strong profit center for these financial entities.

What steps do merchants have to take to meet PCI Compliance?

There are 4 levels of merchants, defined in these FAQs; merchants at level 3 or level 4 are our Web Portal's target end users. Requirements for these merchants include a Self-Assessment Questionnaire (SAQ) and, if they transact over the internet or IP lines, a quarterly Scan as well.

What does it cost me?

Pricing is based on a simple pricing matrix driven by the term and services you select. Our longest term is 3 years, while we offer terms as short as 1 year if desired. The longer the term you select, the lower we can keep your pricing.

Should there be any other questions, please contact us through the contact form.