InfoSafe - PCI Compliance Services

InfoSafe Overview

Services & Certification

Security Regulations

Who Must Comply

Consumer

News

ASV/QSA Partner

PCI Security Standards Council

InfoSafe PCI Compliance Services

Get your PCI Compliance taken care of together with your InfoSafe certification. We'll help you get PCI compliant and reach "Safe Harbor" status with the major credit card companies who are enforcing the credit card security regulations. We get it all taken care of for you at one time - quickly and easily.

When you become InfoSafe Certified, you'll already meet virtually all the requirements for PCI Certification. You won't have much to do - if anything. We work together with our ASV/QSA certified PCI Compliance partner, SecurityMetrics, who will ultimately provide you with your PCI Compliance validation and certificate.

To become certified PCI Compliant with the credit card companies, in addition to other basic security measures that InfoSafe already gives you, you'll need to complete either a full "Site Certification" if you use the Internet or a "No Internet Site Certification" if you do not have an Internet connection or website for your business.

Standard Site Certification
(If you use the Internet.)

	Verifies your credit card handling processes
	Tests all external IP addresses (Internet connection points such as your company website, mail server, firewall, dial-up modem, wireless AP, etc.)
Starting at just $150/yr.

Site Certification - No Internet
(No Internet connection)

	Verify no Internet connection
Only $30/yr.

Don't worry about all the details! Your Compliance Specialist with InfoSafe will explain everything to you in easy-to-understand terms, and walk you through the entire process. We make it painless and simple for you. It doesn’t get any easier!

Is Site Certification Easy?
PCI compliance is easy and can be completed in as few as three simple steps. Site Certification does not require any software installation, software configuration, training or costly maintenance. All your technical support is included and there are no hidden fees.

The following diagram shows what steps may be required to be PCI compliant:

How you get and stay PCI Compliant

How you become PCI Compliant

Get Enrolled: We help you get enrolled with SecurityMetrics and their PCI certification program. SecrurityMetrics is the Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA) selected by INVISUS for the InfoSafe PCI Compliance Service.

Compliance Checklist: Once registered, the team at SecurityMetrics will walk you through the process of becoming PCI Compliant. This may include:

Self-Assessment Questionnaire
Network Security Scans
On-Site Security Audit (for larger companies)

Compliance may only take a couple of hours to finish, or it may take longer if you need to close certain security holes in your computer network. Either way, your Compliance Specialist with InfoSafe is also there to assist you throughout your PCI compliance process.

Validation: Validation of your compliance with PCI Data Security Standards is an important part of your PCI process. This gives your merchant bank (credit card processor) confidence that you are handling your customer’s information securely.

Together with SecurityMetrics, we simplify this process for you by providing automatic reporting to your merchant services once you have completed your PCI requirements. If for any reason you are not compliant, we will send you weekly email reminders to complete your compliance checklist.

Once you have completed your validation process, your business is certified PCI DSS compliant. SecurityMetrics then provides you with a printable certificate of compliance that we encourage you hang up in your place of business.

If you have a website and pass the website scan, you’ll have the option of putting one of SecurityMetrics’ PCI compliant certified logos on your website. This increases consumer confidence in your website and will help generate additional revenue.

Annual Renewal: Your PCI certification must be renewed annually. Annually renewing your PCI certification will guarantee that you are always up to date with the most current data security standards, and will help you avoid big fines and penalties for non-compliance.

For your convenience, we will notify you via email or phone when it is time for you to renew.

Hands on Help:

We will help you understand what security standards you are required to meet for PCI compliance, as well as explain what actions you need to take to validate with your credit card processors (merchant bank) that you are following these standards.
Our PCI Compliance Support Team with SecurityMetrics offers unlimited technical support, 24 hours a day, 7 days a week.
Support representatives are trained to help explain the PCI standards as well as interpret your scan results.

Learn more about PCI Compliance and who must comply

About PCI Compliance

The last several years have seen an unprecedented assault on personal and financial data that customers have knowingly or unwittingly entrusted to retailers, e-commerce businesses, banks, service providers and credit card companies. Credit card data in particular has been compromised so frequently that calls for government intervention and regulations have become widespread.

The payment card industry (PCI) countered the criminal onslaught with its own security initiative that is broader in scope and more specific in its requirements than any measures federal or state government regulation might have imposed. The Payment Card Industry Data Security Standard (PCI-DSS) is a comprehensive security standard that establishes common processes and precautions for handling, processing, storing and transmitting credit card data.

In September of 2006, a group of five leading payment brands including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International jointly announced formation of the PCI Security Standards Council, an independent council established to manage ongoing evolution of the PCI standard.

PCI compliance is a multifaceted security standard that among other things, includes specific requirements for protection of cardholder data, implementation of a vulnerability management program, regular security testing, access control measures, and the maintaining of an information security policy.

Learn more from the PCI Security Standards Council.

Who must be PCI Compliant: Any business who accepts, processes, transmits or stores credit/debit card information, including retail, mail or telephone order, and e-commerce. Fines and deadlines for non-compliance vary depending on the Acquiring Bank and credit card companies you accept.

Penalties, Fines: Up to $10,000 on first violation for not implementing required safeguards. Visa Fraud Control fines of up to $500,000 per incident for any merchant or service provider that is compromised and not compliant at the time of the incident. Fines and penalties vary depending on the acquiring bank and credit card companies you accept.

Benefit for your Business: PCI compliance provides merchants with "Safe Harbor" from the fees and penalties associated with PCI non-compliance and card data compromise. By staying PCI compliant, you are relatively assured that you are following best security practices to prevent a serious security breach that would result in a serious loss of customer confidence in your business. Consumer confidence with credit/debit cards will help you maximize your sales and other revenue opportunities.

Benefit for your Customers: Being PCI compliant shows your customers that you care about them and that your business can be trusted with their credit/debit card information. It's critical that consumer confidence be preserved in today's marketplace with skyrocketing credit theft and fraud statistics.

PCI Compliance Pricing

Site Certification:

1 IP Address:	$150/yr
2 IP Addresses:	$210/yr
3 IP Addresses:	$290/yr
4 IP Addresses:	$350/yr
5 IP Addresses:	$400/yr
6 IP Addresses:	$475/yr

* Public facing IP addresses (Internet connections to your business or your website(s).)

Site Certification - No Internet:
$30/yr

How to order:
Simply add PCI Compliance to your InfoSafe service.

Call (801) 724-6211 and we'll conduct a very brief needs audit to help you determine final pricing for your business.

Who Needs This?
If you accept, process, transmit or store credit/debit cards, your merchant bank and the credit card companies require you to be PCI certified.

Are you already certified?
If you have completed a self-assessment questionnaire and have been evaluated and validated by an ASV/QSA CPI compliance provider, you are likely already certified PCI compliant.

If you are NOT certified...
You need to get your business compliant with PCI standards right away. Merchant banks and credit card companies are now assessing penalties and fines for non-compliance.

Note: Your credit card merchant service provider may have already arranged for your PCI validation. Contact your MSP for more information.