Just this summer, the PCI Security Standards Council (PCI SSC) released a new Data Security Essentials Evaluation Tool that helps small merchants assess their security practices and evaluate how they are addressing potential security risks. The tool is an easy-to-use guide for evaluating your PCI DSS compliance and security policy for 2018 and 2019. It walks you through a series of questions based on your specific method of collecting payments and your individual payment environment. Its purpose is to show you where the way you process and store credit card data could make a security breach possible. Once you answer the questions, you will have clear and workable suggestions for data security improvements and better PCI DSS compliance.
6 Steps to Using the Data Security Essentials Evaluation Tool
- Contact your merchant bank (acquiring bank) - Before you get started using the tool, you will need to check with your merchant bank (acquiring bank) whether it will accept this tool for validation of compliance. Some banks may accept this format, and others will require you to submit their own Data Security Essentials Evaluation forms.
- Find the new PCI Compliance evaluation tool and supplemental documents here.
- Review ‘Guide to Safe Payments’ document – This document covers security basics for small merchants to protect cardholder data.
- Review ‘Common Payment Systems’ document - Identify how you collect payments using the diagrams or one of the following collection types:
  - TYPES 1, 2 - Payments with a standalone or dial-up payment terminal
  - TYPES 3, 4 - Payment device connected only to a processor
  - TYPE 5 - Payments collected with a payment terminal connected to an electronic cash register or till
  - TYPES 6, 7, 8 - Payments with a payment terminal that is connected to other systems (e.g., servers) in your network
  - TYPES 9, 10, 11 - Payments collected via e-commerce
  - TYPES 12, 13 - Payments via a PCI-listed SCR (Secure Card Reader) attached to a mobile device network
  - TYPE 14 - Payments via virtual terminal (web page accessed by computer or tablet)
  - TYPE 15 - Payments via a PCI-listed P2PE Solution
- Fill out the evaluation form - Depending on your payment collection type, there is a unique evaluation form to complete with a series of questions. Launch the evaluation tool here.
Before you get started with the tool, be prepared to describe how you collect and handle your customers’ credit card data. It will also be helpful to know how you handle internal passwords, in-house access to card data, employee security permissions, firewall protection from internet threats, software updates, etc.
- Review recommendations - Once you complete the evaluation, you will have specific recommendations on how to improve your data security.
The good news is that American Payment Solutions (APS) is a 100% PCI DSS compliant integrated payment processing solution.
We integrate with over 100 ecommerce and accounting solutions such as AccountMate, Acumatica, Adagio, Sage 100, Sage 300, SAP B1, Magento, WooCommerce, and QuickBooks. PCI DSS compliance helps protect your customers’ credit card data. To ensure your business is PCI DSS compliant, hire the expert team at American Payment Solutions. We help remove the headache of compliance, consistently build solutions and reduce fees, and diligently work on your behalf.
American Payment Solutions enables you to cut costs and offers the following streamlined credit card processing features:
- Convenient 24-hour access to payment processing and reporting
- Automated recurring billing
- Improved cash flow
- Fraud detection and prevention (CVV and AVS controls for easy management)
- Reduced invoicing costs
- No additional licensing fees
- Credit card tokenization for secure access to future customer transactions
- Real-time Payment Gateway
- Level 3 supported gateway for US accounts (significant savings for business-to-government or business-to-business transactions)
- Free virtual terminal for instant credit card processing capabilities
- Automatic integration available to streamline data entry and savings
- Batch processing when real time approvals are not required
- 100% PCI-DSS compliant at no additional cost
- Some of the lowest American Express fees in the entire industry
- Next-day funding, including American Express, making the reconciliation process easier