Payment Card Industry (PCI)

















 














 
Chief Security Officers is a PCI Qualified Security Assessor (QSA) and has one of the largest teams of Qualified Security Assessors in the country. We also have the unique capability of offering bilingual (Spanish/English) QSAs.

We are experts in PCI compliance. Please call us at 888-237-3899 or email us at info@chiefsecurityofficers.com to learn more about how we can help you or to receive a free quote.

The details of the standard are listed below. Your compliance requirements are based on the number of transactions you process annually.


Level 2 - 4 Merchants - Any merchant processing fewer than 6 million transactions per year.

This merchant level requires you to conduct quarterly network scans of your external network and submit a self-assessment questionnaire annually.

We offer a complete service that includes the following features:
  • Includes online questionnaire
  • Unlimited PCI scanning
  • Tracks completion status of the self-assessment questionnaire & quarterly scanning
  • Online filing with acquiring banks
  • Includes a streamlined process for managing and documenting false positives
  • Includes intuitive and easy-to-read reports that are PCI ready with executive summaries, technical details and an overall compliance status

We charge a base price of $750 per year plus $25 per IP address for unlimited scans.
 

Level 1 Merchants - Any merchant, regardless of acceptance channel, processing more than 6 million transactions per year.

This merchant level requires an onsite security audit and quarterly network scans.




Participating merchants and service providers must pay for their own CISP compliance assessment, and the cost of compliance depends on the extent to which they are already in compliance. If a merchant or service provider refuses to participate in CISP, Visa may impose a fine on the financial institution responsible for them. The bottom line is, merchants and their service providers must meet the CISP requirements to continue to accept Visa Payment products.

Compliance Penalties
 
Failure to comply with CISP standards or to rectify a security issue can result in:
  • fines ($50,000 for the 1st violation; $100,000 for the 2nd violation)
  • restrictions on the merchant
  • permanent prohibition of the merchant or service provider's participation in Visa programs. 

In the event of a security breach, financial institutions must immediately investigate the incident and limit the exposure of cardholder data, and must immediately notify Visa and report on their investigation of the incident. Financial institutions will not be fined for merchants or service providers that have been compromised but found to be CISP-compliant at the time of the security breach. However, if a merchant or service provider is compromised and is not CISP-compliant at the time of the breach, the financial institution is subject to fines of up to $500,000 per incident.

CSO Capabilities

We help Visa merchants and service providers verify that they are in compliance with Visa's Cardholder Information Security Program (CISP). The program defines a standard of due care and enforcement for protecting cardholder information and is required for all merchants and service providers who handle, process and/or store Visa cardholder data. It also includes an active program to ensure annual validation of their security posture.

Our Approach

When performing your Visa CISP Risk Assessment, our information security advisors will evaluate your current payment environment, compare your controls against Visa's CISP requirements and perform testing as described in Visa U.S.A.'s Security Audit Procedures and Reporting document. Our holistic approach examines the flow of Visa credit card information -- how information is shared, how access is controlled, and how data is transmitted and destroyed, among other procedures. We then provide practical recommendations for becoming compliant with Visa's CISP requirements and improving your overall information security posture.

Copyright © CSO 2008; All Rights Reserved