PCI Compliance – Are You Covered?
At this time, all US merchants accepting Visa, MasterCard, Discover and/or American Express are required to be Payment Card Industry (PCI) compliant. PCI compliance is required by the card associations, and the standard is overseen by an independent council of the five major brands. NTC Texas is a payment partner with Elavon. All NTC Texas/Elavon merchants will be included in the Elavon PCI Compliance program.
Elavon has partnered with Trustwave© to provide the Elavon PCI Compliance program. The validation program consists of a Self Assessment Questionnaire (SAQ) which verifies the following:
- Merchant’s policies and procedures,
- Vulnerability scan which identifies technology weaknesses,
- Compliance report which identifies any areas of non-compliance and
- Remediation report which provides a guide to compliance.
If breached, compliant Elavon merchants with PCI validation confirmed through Elavon’s third-party partner (Trustwave©) may receive up to $100,000 coverage per incident. Merchants who choose PCI validation through a non-Elavon partner may receive up to $50,000 coverage per incident. Non Compliant Elavon merchants may receive up to $10,000 coverage per incident.
Merchants with a dial terminal (non IP) will simply need to complete the Self-Assessment Questionnaire. The Self-Assessment Questionnaire and a network scan will need to be completed by merchants using software or eCommerce to process payments.
In July 2009 Merchants with business names starting with A – K were notified of Elavon’s PCI Compliance requirements and will be billed on their August month-end statement. Merchants with business names starting with L – Z will receive notification in August and will be billed on their September month-end statement. Merchants meeting the requirements for Multi Locations as it relates to the PCI Compliance program as well as merchants on a Foreign Network have been excluded from this mailing and will be addressed in a separate mailing later in 2009.
Merchants will have 90 days after they are notified to provide Compliance Validation through the Trustwave© Website. Merchants who do not provide compliance validation will be assessed a monthly compliance fee of $20 until validation is provided.
Merchants boarded with NTC Texas/ Elavon after October 1, 2008 and through August 10, 2009 will be provided compliance notification beginning November 2009.
For more information regarding PCI compliance please visit www.pci.elavon.com.