Acumen Has Partnered with Security Metrics for PCI DSS Compliance

Security Metrics is a leading provider and innovator in merchant data security and compliance for businesses worldwide. They are certified by the PCI Security Council as a Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV).

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a single approach by all card brands to safeguarding sensitive cardholder information. PCI DSS requires merchants to secure cardholder data in their virtual and/or physical environments. If you accept credit and/or debit cards as a form of payment, you are required by the card associations to meet the PCI DSS requirements. To oversee standards for data security, the card brands have created the PCI Security Standards Council. This organization's mission is to enhance data security through education and awareness.

Acumen has developed a DSS program to ensure that all merchants, regardless of level, verify that they have met the mandated requirements of the security standards.

Merchant Levels

All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (“DBA”).

Level  Description

1      Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
2      Any merchant, regardless of acceptance channel, processing 1,000,000 to 6,000,000 Visa transactions per year.
3      Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
4      Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1,000,000 Visa transactions per year.

The PCI Data Security Standard consists of 12 basic requirements

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security

PCI Assessment Requirements

Level 1
Description: Any merchant, regardless of acceptance channel, processing over 6,000,000 V/MC transactions per year. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. Any merchant that V/MC determines should meet the Level 1 merchant requirements to minimize risk to their systems. Any merchant identified by any payment card brand as Level 1.
Comply with DSS: Required
On-Site Security Audit: Required Annually
Self-Assessment Questionnaire:
Network Scans: Required Quarterly
Validated By: Qualified Data Security Company and Independent Scan Vendor

Level 2
Description: Any merchant processing 1,000,000 to 6,000,000 V/MC e-commerce transactions per year.
Comply with DSS: Required
On-Site Security Audit:
Self-Assessment Questionnaire: Required Annually
Network Scans: Required Quarterly
Validated By: Merchant and Independent Scan Vendor

Level 3
Description: Any merchant processing 20,000 to 1,000,000 V/MC e-commerce transactions per year.
Comply with DSS: Required
On-Site Security Audit:
Self-Assessment Questionnaire: Required Annually
Network Scans: Required Quarterly
Validated By: Merchant and Independent Scan Vendor

Level 4
Description: Any merchant processing fewer than 20,000 V/MC e-commerce transactions per year, and all other merchants processing up to 1,000,000 Visa transactions per year.
Comply with DSS: Required
On-Site Security Audit:
Self-Assessment Questionnaire: Required Annually
Network Scans: Recommended Annually
Validated By: Merchant

What to do if compromised:

In the event of a security incident, merchants must take immediate action to:

Merchant Account Provider

Merchant Bank
Visa Fraud Control Group at (650) 432-2978
Local FBI Office
U.S. Secret Service (if Visa payment data is compromised)
