PCI Compliance

Do you worry about whether your card data security program is PCI compliant? With WestStar's PCI Compliance Manager, you can quickly and easily maintain and report compliance. In addition to streamlining the PCI certification process, our PCI Compliance Manager offers:

Financial Protection
  • PCI program provides up to $100,000 of data breach protection1 
 
Tools & Education
  • Step-by-step instructions for completing the compliance process
    Assistance with PCI Self-Assessment Questionnaire and vulnerability scanning (if applicable)
  • Valuable tips and information for safeguarding your business

Support
  • Access to PCI professionals to answer questions online, by phone, and by email

If you'd like more information, please contact us online or call our Treasury Management Department at (915)747-1674 or [toll-free 1-800-366-4578].

What is PCI?

Payment Card Industry Data Security Standard (PCI DSS), is a set of data security requirements established by the major card brands (including Visa® and MasterCard®) to protect cardholder account information.

To whom does PCI apply?

Compliance with the PCI DSS is required of all merchants and service providers that store, process or transmit cardholder data. No matter how you process payments, EMV or otherwise, it is your responsibility to fulfill these requirements.

Why does my business need to be PCI compliant?

The standards outlined in the PCI process set a good data security foundation to reduce your business’s vulnerability from a data breach. By completing the PCI compliance process, not only are you guarding yourself against a costly breach, but also avoiding non-compliance fines for forensic investigations, fraudulent purchases, and the cost of re-issuing cards.

What are the steps to PCI compliance?

All merchants, whether small or large, that process, store or transmit cardholder data must adhere to the following requirements for PCI DSS compliance:

Build and Maintain a Secure Network
  • Install and maintain a firewall configuration to protect data.
  • Avoid using vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
  • Protect stored data.
  • Encrypt transmission of cardholder data and sensitive information across public networks.

Maintain a Vulnerability Management Program
  • Use and regularly update antivirus software.
  • Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
  • Restrict access to data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.

Regularly Monitor and Test
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.

Maintain an Information Security Policy
  • Maintain a policy that addresses information security.
  • Some of the standards above may not be applicable to all processing environments.

STEP 2

Level 1-3 merchants must then validate or prove their compliance by meeting requirements that vary by “PCI level,” which is based on annual card transaction volumes. To validate compliance, merchants must take the following steps:

  • Complete and pass an annual PCI DSS Self-Assessment Questionnaire (SAQ) appropriate for your merchant processing environment.
  • If you are storing or processing cardholder data on or through an Internet-facing environment, you must also pass quarterly vulnerability scans of your network.
  • Additional certification requirements may apply based on your processing environment and the number of transactions you process annually.

1 Up to $100,000 of data breach protection per Customer ID number if enrolled in vendor program and have certified PCI compliance.