All Merchants in Canada Must Be Certified Under the Payment Card Data Security Standards
BACKGROUND – The increase in criminal activities over the past few years has resulted in the theft of over 2 Billion cardholder records. The largest theft was identified in July 2014 of 1.2 billion records stolen by European criminal organizations. Major businesses such as Target stores, Global Payments and JYSK (a large retailer) had their computer systems hacked by criminals stealing hundreds of million cardholder records. But it is not only large businesses that are targeted by criminals, small retailers are also attacked. Criminals send small applications, called bots, out into the internet for the purpose of finding any business that has security weaknesses. Once found, these small businesses computers are hacked and cardholder data, contact lists, bank account information is stolen.
SOLUTION – The Payment Industry (Visa, Mastercard, American Express, Discover and many other international cards) have established security regulations designed to reduce the number and impact of criminals hacking into businesses computers and networks. All Canadian business that accept credit or debit cards must undergo a certification process and PASS the certification. New merchants to Elavon are given a 3 month period to undergo the certification process, make any adjustments that are identified and receive a pass grade. PCI Certification is not a one-time event, it must be performed annually because security requirements change as criminal activity changes; merchants change their business methods (adding eCommerce) and merchant’s internal security processes change from time to time.
FINANCIAL – In addition to the dramatic increase in criminal activity, the costs to defend against criminal attacks are also dramatically increasing. Merchants will now be charged a monthly PCI Security fee of $8.95 per month, this fee will assist in covering the cost of monitoring criminal activity and their changing methods of attack. Included in the $8.95 is an insurance policy of up to $100,000 per attack to offset liability costs if your system is hacked. If you are not successfully certified after 3 months, you will be assessed a $20.00 “Non PCI Compliance Fee” each month until you are certified.
COMPLIANCE PROGRAM – Elavon recognizes that the process of successful certification can be complicated for merchant’s especially small merchants who do not have highly trained IT specialists. To assist all merchants (small to large), Elavon has partnered with Sysnet Global Solutions to guide merchants in identifying the degree of certification activity that is required for each merchant. Tools are available to merchants to scan their computers and networks that will identify weaknesses and provide instructions on correcting weaknesses and vulnerabilities.
TO BEGIN YOUR CERTIFICATION simply log into www.pcicompliancemanager.com and follow the instructions.
NOTE: When you begin your certification, you will be asked to enter your computer’s IP Address. If you do not know the IP Address, log into www.whatismyipaddress.com your IP Address will be displayed on the screen.
HACKERS DO NOT ONLY TARGET LARGE BUSINESSES, SMALL BUSINESSES ARE ATTACKED AS WELL.