PCI compliance is not a single event, but an ongoing process.

Payment Card Industry Data Security Standard (PCI DSS) compliance is designed to protect businesses and their customers against payment card theft and fraud.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.  Essentially any merchant that has a Merchant ID (MID).


PCI applies to all organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

In security terms, it means that your business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.


In operational terms, it means that you are playing your role to make sure your customers' payment card data is being kept safe throughout every transaction, and that they – and you – can have confidence that they're protected against the pain and cost of data breaches.


The PCI Security Standards Council has established twelve high-level PCI DSS requirements, listed in the right hand column, which all merchants must comply with. These requirements assist merchants in meeting a variety of security goals for the cardholder data environment.


Steps to Compliance

For merchants, meeting these requirements involves a two step process both of which can be achieved with our world class Breach Assurance Program provided to all AMS clients as part of their merchant services program.


1. Complete the Self Assessment Questionnaire (SAQ)


The SAQ is validation tool for merchants and service providers that are not required to undergo an on-site data security assessment per the PCI DSS Security Assessment Procedures. The purpose of the SAQ is to assist organizations in self-evaluating compliance with the PCI DSS.


2. Quarterly Network Scans (as applicable)


PCI Security Scans may apply to all merchants and service providers with Internet-facing IP addresses. Even if an entity does not offer Internet-based transactions, other services may make systems Internet accessible.


Questions? Call Us

(407) 331-5465


Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor supplied defaults for system passwords and other security parameters


Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks


Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications


Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data


Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes


Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security