What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) was established by the major card brands. This standard is to help any business that accepts Visa, MasterCard, and Discover credit cards to organize their business in a way to keep customers’ private information secure. This information can include but Is not limited to credit card numbers, expiration dates, billing addresses, and security CVC codes. It is a requirement from the card brands for any business that process, store, or transmit payment card data to implement the applicable strategies and suggestions outlined in the PCI DSS standards to prevent cardholder data from theft or fraudulent activity.
PCI compliance is not a single event, but an ongoing process. This is true regardless of the merchant services provider that is being used by the business. For convenience, CMS has created this PCI FAQs page to assist its merchant account holders.
Who can help?
Under PCI rules, the merchant service provider cannot directly assist the merchant through the compliance process. The concern of the Card Association is that it creates a potential conflict of interest and any support should come from a neutral third party. In an effort to minimize the complications that can arise when becoming PCI compliant, CMS has contracted with Security Metrics to be available to answer any questions or to provide support.
If you find that there is a need for help in becoming PCI Compliant please contact Security Metrics directly. They are available to assist you and can be reached at 801-705-5700.
Does using Freedom make me PCI compliant?
No, however, if you use the CMS integrated credit card payment solution with Freedom Medical Systems®, it uses the Slyce Plug-in (which is PCI compliant). This should make the compliance process easier for you as long as your business does not accept payments through any other means or record credit card information outside of using the Slyce Payment Plug-in in Freedom Medical Systems®. If so, you should be required to complete the SAQ-A online questionnaire through your Security Metrics merchant account. The SAQ-A is approximately 20 questions and can be completed within 8 – 10 minutes.
How do I get a Security Metrics account?
If you have enrolled with CMS for credit card processing through Freedom Medical Systems®, you will automatically be enrolled with Security Metrics. Once enrolled, Security Metrics will generate an automatic email that will be sent out to the email address that is on file for the merchant account. This introductory email will encourage you to become PCI compliant by providing a link to the Security Metrics landing page where you will be able to log in. If you have any questions on how to log in, please contact Security Metrics at 801-705-5700.
What if I elect to be non-compliant?
It is not mandatory by law for a business to become PCI Compliant. The standard was created by the major card brands as a security standard and recommendation. Merchants can continue processing credit card transactions if they are non-compliant. However, merchants that do not comply with PCI DSS may be subject to non-compliance fees, card replacement costs, costly forensic audits, etc., should a breach event occur. For a little upfront effort to comply with PCI DSS, you can reduce your risk of facing these unpleasant consequences.
Can CMS Support provide any assistance?
The Customer Support team at CMS is able to assist with the logins, passwords and assisting with getting the merchant account on the correct SAQ questionnaire in the Security Metrics system. CMS Support can be reached at 877-267-4324 or support@cmsonline.com. Any support required in completing the PCI compliance process is available by phone or email from Security Metrics.