Innovative Merchant Solutions Data Security
How does data security affect you?
- Data security is critical for all merchants who accept payment cards to protect their business and their customers' sensitive data.
- The card associations (Visa, MasterCard, American Express, Discover® Network, and JCB) have agreed on a single standard for how this data is stored, processed, and transmitted: the Payment Card Industry Data Security Standard (PCI DSS).
- Card-accepting merchants must comply with this standard. Please visit www.pcisecuritystandard.org for more information and a full listing of the requirements.
- Depending on your merchant level, your requirements for compliance validation differ. See the chart of merchant levels and requirements below.
- Compliance will help protect you and your customers from theft and fraud, and safeguard the credit cardholder information that you process and/or transmit from attackers and other online hazards.
Innovative Merchant Solutions Data Security Program
Innovative Merchant Solutions strongly endorses the PCI DSS for the handling of cardholder data. To help you comply with the PCI DSS, Innovative Merchant Solutions has negotiated preferred pricing on compliance services with leading third-party assessor TrustWave (www.trustwave.com). TrustWave's TrustKeeper® portal makes compliance validation easy with three steps:
- Step One: Complete the PCI DSS self-assessment questionnaire
- Step Two: Perform network security scans on a quarterly basis
- Step Three: Repair any identified vulnerabilities in your IT environment
Innovative merchants can visit http://innovative.trustkeeper.net to get started.
PCI DSS Compliance FAQs
1. What is the PCI DSS Self-Assessment Questionnaire?
- Multiple-choice questions about the merchant's card acceptance and processing environment.
- Used to identify your risk level and assess your compliance with the requirements of all card associations regarding your cardholder data policies, procedures, administrative controls, access controls, and physical security measures.
2. What is a quarterly network scan?
- A scan of the merchant's external-facing IPs, conducted by a third-party vendor.
- Identifies systems that are not secure, or that could be open to a security breach or data compromise.
- To be deemed compliant with PCI DSS, a merchant must pass both the scan and the questionnaire.
- If deemed non-compliant, a remediation plan will be necessary to address the areas of weakness, risk, and vulnerability. You will be provided with solutions necessary to become PCI compliant, protect cardholder data, and reduce your risk.
4. What happens if I am not PCI DSS Compliant?
- If you are non-compliant, you are subject to fines from the card associations.
- If your security is compromised because of your non-compliance, you risk financial loss, additional fines, loss of business, damage to your brand's reputation, and other loss of critical systems.
If you have any questions or concerns, please contact the Innovative Merchant Solutions Customer Service Center at 1-800-397-0707.
Additional Information
| Data Security Standard |
| --- |
| Build and Maintain a Secure Network |
| Protect Cardholder Data |
| Maintain a Vulnerability Management Program |
| Implement Strong Access Control Measures |
| Regularly Monitor and Test Networks |
| Maintain an Information Security Policy |

| Level | Merchant Classification Criteria |
| --- | --- |
| 1 | Visa, MasterCard, & Discover Network: Any merchant, regardless of acceptance channel, that:<br>AMEX: Any merchant that processes over 2.5 million AMEX transactions, regardless of acceptance channel |
| 2 | Visa, MasterCard, & Discover Network: Any merchant that processes 1 million to 6 million Visa, MasterCard, or Discover Network transactions, regardless of acceptance channel<br>AMEX: Any merchant that processes 50,000 to 2.5 million AMEX transactions, regardless of acceptance channel |
| 3 | Visa, MasterCard, & Discover Network: Any merchant that processes 20,000 to 1 million Visa, MasterCard, or Discover Network e-commerce transactions<br>AMEX: Any merchant that processes less than 50,000 AMEX transactions, regardless of acceptance channel |
| 4 | Visa, MasterCard, & Discover Network: Any merchant that processes fewer than 20,000 Visa, MasterCard, or Discover Network e-commerce transactions or processes fewer than 1 million Visa, MasterCard, or Discover Network transactions, regardless of acceptance channel |

