January 6, 2014

PCI Rapid Comply

Payment Card Industry Data Security Standard (PCI DSS)

PCI Rapid Comply Solution

Thank you for choosing Acuity Merchant Services for your card payment processing needs.  Please review this communication for action you must take to meet industry security compliance requirements.

WHAT ARE YOU REQUIRED TO DO?
The card organizations require that all merchants validate compliance with the industry-mandated Payment Card Industry Data Security Standard (PCI DSS). The goal of becoming compliant with PCI standards is to help protect sensitive cardholder data from data thieves and to help protect your business from the growing threat of payment card breaches and theft.
As part of meeting these requirements, you need to:
–   pass the annual security self-assessment questionnaire (SAQ) that asks questions about your credit card processing system and method
–   if required, pass quarterly PCI scans of your network
–   carry out any remediation activities that may be preventing you from becoming PCI DSS compliant

HOW DO YOU BECOME COMPLIANT?
To help you achieve and maintain PCI compliance, Acuity Merchant Services has arranged for PCI DSS compliance services to be provided by the First Data PCI Rapid Comply solution. With the PCI Rapid Comply solution, there are no new or additional charges. The Compliance Service Fee charged to you by your merchant services provider includes your annual PCI self-assessment questionnaire (SAQ) and quarterly scans, if needed.

To get started with PCI DSS compliance, please click on the URL link below or type www.pcirapidcomply.com into your browser:

URL: www.pcirapidcomply.com
Username:  (Merchant Number for Username)
Temporary Password: (same as your username)

Once you activate your account, you will be prompted to change the password for security reasons.

DO YOU HAVE TO USE THE PCI RAPID COMPLY SOLUTION?
The benefits of using the First Data PCI Rapid Comply solution are that it is offered by and integrated with your merchant services provider. The PCI Rapid Comply solution includes a guided, step-by-step SAQ tool to help complete the annual questionnaire with ease, an integrated scanning tool for merchants that are required to pass quarterly scans, and comprehensive support available online and via chat, email and phone to ensure your questions get answered.

As your card payments processor, we hope you will elect to use our PCI Rapid Comply solution. However, you are free to obtain PCI DSS compliance services from third-party vendors.

If you choose to use a third-party vendor for PCI DSS compliance services, you will need to contract with and pay that vendor directly.  In addition to your alternate vendor’s charges for PCI DSS compliance services, you still will need to pay the Compliance Service Fee charged to you by your merchant services provider.  The Compliance Service Fee is not affected by your choice to use a third-party vendor.  You will also need to ensure your PCI DSS compliance status is reported to First Data.  If you fail to become PCI DSS compliant or to report your PCI DSS-compliant status via third-party vendor to First Data, you may also be charged a monthly Non-Receipt of PCI Validation fee by your merchant services provider until such time as you become PCI DSS-compliant or report your PCI DSS-compliant status to First Data.

WHAT HAPPENS IF YOU DON’T BECOME PCI DSS COMPLIANT?
If your business fails to become PCI compliant, you could be putting your business at greater risk from the growing threat of payment card data breaches and theft, which may result in substantial penalties (such as fines from banks, regulatory agencies, and card organizations), fraud and chargebacks, as well as legal costs and lost customers. To repeat, if you fail to become PCI DSS compliant or to report your PCI DSS-compliant status via a third-party vendor to First Data, you may also be charged a monthly Non-Receipt of PCI Validation fee by your merchant services provider until such time as you become PCI DSS-compliant or report your PCI DSS-compliant status to First Data.

If your business experiences a data security breach, you could even lose your ability to process credit card payments. Perhaps more importantly, you risk the loss of customers. Research shows that 43% of customers who have been victims of fraud stop doing business with the merchant where the fraud occurred.

You are requested to take action immediately, so please ACT NOW to avoid the monthly Non-Receipt of PCI Validation Fee.  To learn more about the PCI Data Security Standard, please visit:
– PCI Standards Council: www.PCISecurityStandards.org
– Visa: www.usa.visa.com/merchants/risk_management/cisp_merchants.html
– MasterCard: www.mastercard.com/us/sdp/index.html