Payment Card Industry (PCI) Data Security Standard Compliance

Visa® and MasterCard® have implemented mandatory merchant security programs to help prevent cardholder fraud and identity theft. The programs you currently know as Visa's Cardholder Information Security Program (CISP) and MasterCard's Site Data Protection (SDP) Program still exist, but have been rolled into one industry-wide standard called the Payment Card Industry (PCI) Data Security Standard. In addition, all other major card brands have also aligned their programs under the new PCI Data Security Standard.

The Standard states that any merchant that processes, stores or transmits cardholder data is required to certify that their cardholder data is secure. Standard regulations also state that all outward-facing IP addresses, URLs and domains must be scanned for security vulnerabilities.

For most of our merchants, security certification consists of passing quarterly or annual network scans and completing an annual self-assessment questionnaire. Automated Merchant Systems (AMS) has provided the following information to help guide you through this process:

What is AMS doing to help its merchants certify their compliance?
Why should I complete the security certification when I'm a Level 4 merchant?
What steps do I need to take to complete the security certification?
Where can I get more information?

What is AMS doing to help its merchants certify their compliance?

AMS has taken the following steps to help merchants certify their compliance with the PCI Data Security Standard:

AMS is offering a series of free local seminars and national webinars that will walk you through the questionnaire and site certification process. Our seminars and webinars will also explain why certification is critical to your business, even if you are a Level 4 merchant.
AMS has partnered with SecurityMetrics, a Qualified Data Security Company (QDSC) to provide you with an online certification program. Simple and convenient, the certification process includes a self-assessment questionnaire and periodic certified network security scans. Although you are free to use any QDSC, AMS has secured preferred pricing with SecurityMetrics.

Why should I complete the security certification when I'm a Level 4 merchant?

Level 4 merchants are still required to comply with the PCI Data Security Standard regarding management and storage of credit card data. This means that if you do not complete security certification and you experience a security breach involving cardholder data, you can be held to the same fines and penalties as merchants who have higher transaction volumes. Visa and MasterCard have already imposed fines from $50,000-$500,000 plus $25 per card number involved.

What steps do I need to take to complete the security certification?

Determine your compliance requirements. If you do not know your merchant level, please call SecurityMetrics at 801-705-5665.
Sign up for the PCI Data Security Standard Seminar, a free service for AMS merchants.
Enroll* with SecurityMetrics or another certified security vendor. Enrollment is quick and the cost is minimal. You may enroll online by visiting: www.securitymetrics.com/sitecertinfo.adp or calling: 801-705-5665.
Complete and PASS the questionnaire and vulnerability scan.
E-mail AMS at pcisupport@automatedmerchant.com when you have passed and completed the scan and questionnaire requirements.

*Note: When enrolling, select "Automated Merchant Systems, Inc." from the drop-down menu as your acquiring bank to ensure you receive the discount. The scan results and self-assessment questionnaire are included and available online in your SecurityMetrics account.

Where can I get more information?

To learn more about the mandatory PCI Data Security Standard Program, or to view a list of certified vendors, please visit:

To sign up for our seminar on the certification process, please click here.

If you have additional questions, please contact SecurityMetrics at 801-705-5665 or e-mail pcisupport@automatedmerchant.com.