FAQs. The Worldpay PCI Program. Help protect your business and your customers from data theft

Transcription

1 The Worldpay PCI Program Help protect your business and your customers from data theft

2 What is the Payment Card Industry Data Security Standard (PCI DSS)? Do I have to comply? The PCI DSS is a set of 12 mandatory requirements from the major credit card brands designed to ensure that all companies that process, store or transmit card information maintain a secure environment and help businesses reduce the risk of loss. Put simply, the PCI DSS is about preventing card payment information held by customers, or their third parties, from being used fraudulently and all the associated consequential financial and reputational losses.

3 What is the Payment Card Industry Data Security Standard (PCI DSS)? Do I have to comply? Yes. The Payment Card Industry Data Security Standard is a mandatory requirement of the card brands (i.e. Visa, MasterCard, Discover, American Express and JCB ), and any business that stores, processes or transmits cardholder data (regardless of size) must comply with PCI DSS. The requirements apply to all acceptance channels including retail (brick-and-mortar), mail/telephone order (MOTO) and ecommerce (online).

4 What are the benefits of validating your PCI DSS compliance? By complying with the 12 requirements, you ll be: Helping with the safe handling of card payment data Protecting^ your business and your customers against the growing threat of card fraud Saving money by avoiding non-validation fees 1 For merchants participating in the Worldpay PCI Program, Worldpay will waive customer s indemnification obligations for up to a total of $50,000 of specified compromise-associated costs, such as forensic audits and fines. Additional terms and conditions apply.

5 Why choose the Worldpay PCI Program? How can I access the Worldpay PCI Program portal? I ve forgotten my username and password What is a Vulnerability Scan and am I required to do it? I m already compliant with another quality security assessor (QSA) - do I need to do anything? The Worldpay PCI Program has been created to guide you step by step through the PCI DSS process. It has been designed to make it quicker and easier for you to validate your compliance with the PCI DSS. You ll have access to an online portal, and chat support, for any help you need during the PCI DSS validation process. You ll also benefit from the following: Pre-population of up to 90% of your PCI DSS selfassessment questionnaire (SAQ) if using certain Worldpay products Ability to schedule quarterly PCI DSS external vulnerability scanning (if applicable) PCI DSS certificate of validation (if validated) Periodic reminders in order to maintain validation

6 Why choose the Worldpay PCI Program? How can I access the Worldpay PCI Program portal? I ve forgotten my username and password If registered with the program you would have received your user name and password by mail. You can access the Worldpay PCI Program portal by clicking on the link below or typing to your web browser. What is a Vulnerability Scan and am I required to do it? I m already compliant with another quality security assessor (QSA) - do I need to do anything?

7 Why choose the Worldpay PCI Program? How can I access the Worldpay PCI Program portal? I ve forgotten my username and password What is a Vulnerability Scan and am I required to do it? Within the Worldpay PCI Program portal there is an option to select forgotten username/password. After submtting the form, an will be sent to advise you of your new password/username. You can also call our Worldpay PCI Program Help Desk at , Monday Friday, 8am to 10pm ET. I m already compliant with another quality security assessor (QSA) - do I need to do anything?

8 Why choose the Worldpay PCI Program? How can I access the Worldpay PCI Program portal? I ve forgotten my username and password What is a Vulnerability Scan and am I required to do it? I m already compliant with another quality security assessor (QSA) - do I need to do anything? By completing the Self Assessment Questionnaire (SAQ), you will find out if you need to complete a Vulnerability Scan. This is an automated tool which scans your systems for vulnerabilities, particularly on your networks and web applications on the external-facing Internet protocol (IP) addresses. You ll need to do this every 90 days or once per quarter, and it must be conducted by a PCI SSC Approved Scanning Vendor (ASV) such as the one provided for participants in the Worldpay PCI Program. Once you ve completed the Self-Assessment Questionnaire, you will be notified if you need to complete a Vulnerability Scan.

9 Why choose the Worldpay PCI Program? How can I access the Worldpay PCI Program portal? I ve forgotten my username and password What is a Vulnerability Scan and am I required to do it? I m already compliant with another quality security assessor (QSA) - do I need to do anything? You ll need to upload your certificate of validation to the Worldpay PCI Program portal within 60 days of receiving your Worldpay PCI Program welcome /letter to avoid nonvalidation fees.

10 Can I avoid paying any of these charges? Once you validate your PCI DSS compliance, any associated monthly non-validation fees will no longer apply. You will still need to pay a monthly program fee (applicable to all customers, irrespective of validation) for participation in the Worldpay PCI Program, designed to make validating your compliance quicker and easier.

11 worldpay.us This content is not intended to provide a complete explanation of applicable laws, rules, or regulations. It should not be considered legal or compliance advice. Individual situations will differ, and any questions or concerns should be discussed with your own lawyers and advisors. For more complete PCI DSS information, please visit the PCI Security Standards Council site at Worldpay All rights reserved. Worldpay, the logo and any associated brand names are trademarks of the Worldpay group of companies. All other trademarks are the property of their respective owners. Worldpay US, Inc. is a registered ISO/MSP of Citizens Bank, N.A., Wells Fargo Bank, N.A., and Eagle Bank, N.A. PCI-FAQ-0417