Payment Card Industry (PCI) Data Security Standards

The Card Associations (Visa, MasterCard, Discover, American Express, and JCB) created a single standard, the Payment Card Industry Data Security Standard (PCI DSS) in order to safeguard customer information. All merchants accepting credit/debit cards are required to comply with the PCI DSS. PCI DSS is a multi-faceted security standard that includes minimum standards for security management, policies, procedures, network architecture, software design and other critical protective measures related to storing, processing and transmitting cardholder data. This comprehensive standard is intended to help merchants and service providers proactively protect customer account data.

PCI DSS has 12 basic requirements, which are listed below. Details of PCI DSS are available at www.pcisecuritystandards.org.

Build and Maintain a Secure Network

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Requirement 5: Use and regularly update anti-virus software
  • Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

  • Requirement 12: Maintain a policy that addresses information security


Compliance with PCI DSS helps reduce your exposure to a data breach and to costly fines, audits and assessments. Noncompliance and data breaches are time-consuming, brand-damaging, costly and even business-crippling.

Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem, including in point-of-sale devices; personal computers or servers; wireless hotspots or Web shopping applications; paper-based storage systems; and the unsecured transmission of cardholder data to service providers. Vulnerabilities may even extend to systems operated by service providers. Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) helps to alleviate these vulnerabilities and protect cardholder data.

Compliance requirements differ based on your merchant level and how you process payment transactions. Merchant levels have been prioritized and defined for compliance validation based on the volume of transactions, potential risk, and exposure by merchants and service providers.

View the merchant levels and requirements

View the processing types and requirements

MCPS appreciates the business relationship that we have with you and wants you to know that we are committed to helping you succeed. MCPS has teamed up with the industry’s best providers to help safeguard your sensitive cardholder data and provide you with indemnity coverage up to $50,000 through the MCPS PCI Protection Plan.

If you have any questions about this notice or any MCPS program or service, please contact us.

(Site login is your MerchantID; password is your 5-digit ZIP code plus two-letter state code, in lowercase letters.)

Additional Resources

PCI Security Standards Council Web Site: www.pcisecuritystandards.org
PIN Entry Devices: www.pcisecuritystandards.org/pedapproval
Payment Applications: www.pcisecuritystandards.org/pa_dss
PCI DSS: www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Approved Assessors and Scanning Vendors: www.pcisecuritystandards.org/resources
Glossary: www.pcisecuritystandards.org/glossary
Discover Information Security & Compliance (DISC): www.discovernetwork.com
MasterCard Site Data Protection Program: www.mastercard.com
Visa CISP Program: www.visa.com/cisp