PROTECTING CARDHOLDER DATA IS GOOD FOR YOUR BUSINESS

PCI and Security

PCI Compliance:

ClearGate is pleased to offer you a simple online service that helps you become compliant with PCI and security requirements. It enables you to process credit cards while helping to minimize your risk of a credit card data breach, thus helping to protect your customers and your business.

As you have witnessed through the news or even personal experience, the protection of credit card data is of the utmost concern. The credit organizations of Visa, MasterCard, American Express, Discover Card and other payment card companies have joined together to create a Payment Card Industry Data Security Standard, also known as PCI DSS.

The first step in reaching compliance is completing the PCI Self-Assessment Questionnaire (SAQ) that we have made available here. Your user ID is your 15- or 16-digit Merchant Number, which can be found on your merchant statement. Your one-time password is the last 5 digits of your merchant ID followed by your capitalized, abbreviated state code. For example, if the last 5 digits of your merchant number are 91307 and your state is California, your password would be 91307CA. After your initial setup, you will create a unique password, and your one-time password will no longer work, so be sure to retain that in your records. If you have any trouble logging into the system, please call our Customer Support Team at 866-779-4787 option #6 or email us at support@cleargate.com. Please include your merchant ID # in any emails. The answers you provide in the SAQ will dictate whether you require additional compliance steps such as quarterly network scanning.

Account processing through an IP or computer network connection may require a computer IT specialist to assist with making sure you are in compliance.

PCI Insurance:
Questions regarding your PCI Insurance Coverage? Click Here

PCI/DSS-PA/DSS


Is ClearGate PCI Level 1 compliant?

Yes, ClearGate is certified Level 1 PCI DSS compliant.
ClearGate is certified PCI compliant in the following lists:

Find us on Visa’s list

Find us on MasterCard’s list


What is PCI-DSS?

Payment Card Industry – Data Security Standards. The PCI-DSS mandates that certain steps be taken by all who accept credit cards to ensure the security of the cardholder information. To review what is required to reach PCI’s DSS compliance, click here.


What is PCI-PA?

Payment Card Industry – Payment Application. To check if a PA is validated, click here.


What is PA-DSS?

Payment Application – Data Security Standard. These standards mandate that all payment applications (software) be validated by a PCI SSC QSA. To visit the official web site, click here.


What is PCI-SSC?

Payment Card Industry – Security Standards Council. For the official PCI website, click here.


What is PCI SSC QSA?

Payment Card Industry Security Standards Council Qualified Security Assessor.

Cardholder Data Security

PCI SSC Data Security Standards Overview

The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents.

Tools to help organizations validate their PCI DSS compliance include Self-Assessment Questionnaires. The chart linked here shows some of the tools available to help organizations become PCI DSS-compliant.

For device vendors and manufacturers, the Council provides the PIN Transaction Security (PTS) requirements, which contain a single set of requirements for all personal identification number (PIN) terminals, including POS devices, encrypting PIN pads and unattended payment terminals. A list of approved PIN transaction devices can be accessed here.

To help software vendors and others develop secure payment applications, the Council maintains the Payment Application Data Security Standard (PA-DSS) and a list of Validated Payment Applications.

The Council also provides training to professional firms and individuals so that they can assist organizations with their compliance efforts. The Council maintains public resources such as lists of Qualified Security Assessors (QSAs), Payment Application Qualified Security Assessors (PA-QSAs), and Approved Scanning Vendors (ASVs). Large firms seeking to educate their employees can take advantage of the Internal Security Assessor (ISA) education program.

Protection

Visa/Mastercard have determined that 80% of all data breaches are at small businesses, making protection a major priority. Possible examples of a “breach” (not all-inclusive):

  • Computer hacking
  • Dishonest employees stealing card data from files
  • The business is burglarized and card data is stolen
  • Copies of the sales receipt are not truncated and reflect the expiration date

Skimming

Skimming is when the credit card is swiped on a device that stores the magnetic stripe data from the card for future use, without the cardholder’s authorization.