Canadian Payments Experts

As Canada's emerging leader in payment processing, we help businesses of all sizes accept credit and debit card payments. We process transactions in all regions of Canada. Whether you accept payments face to face, by mail order, by telephone order or over the internet, we are the solution for your business.

Payment Card Industry Data Security Standard (PCI DSS)

Protecting your customers, securing the industry

PCI DSS is a set of 12 requirements designed to secure and protect customer payment data, as most security breaches could be avoided if merchants:

  • Remove sensitive authentication data and limit data retention
  • Protect the perimeter, internal and wireless networks
  • Secure applications
  • Protect through monitoring and access control

Setting the standard for security

To date, criminals have stolen millions of customer card records, leaving the industry facing the increasing threat of data theft.

That's why card payment companies joined forces to create the Payment Card Industry Data Security Standard (PCI DSS) with the aim of safeguarding sensitive card data.

By implementing the standards, businesses are protected against:

  • Communication Shutdown

    Businesses that rely heavily on the internet are financially vulnerable to any loss of connectivity. This threat can be reduced and even prevented by building and maintaining a secure network that's protected by one or more firewalls.

  • Account Tampering

    Installing up-to-date antivirus software to help resist Trojans and other malicious viruses protects data that's been entered, stored, processed and maintained by merchants.

  • Identity Theft

    By protecting and encrypting cardholder data that's in transit across public networks, private details such as name, address, account number and expiry date are kept hidden.

  • Internal Theft

    By using secure internal access controls, businesses and service providers can protect cardholder data from dishonest insiders and external fraudsters.

  • Website Tampering

    To prevent 'defacement' where a slight alteration of web data entry forms deceives customers into revealing sensitive data, companies must be adequately protected by their network.

  • Ghost Attacks

    Constant monitoring of activity prevents critical log and audit information being tampered with or erased and allows attacks to be traced back to source.

  • Legal Entanglements

    With correct measures in place, businesses can avoid having illegal pornography or pirate movies copied onto their business computers.

Does PCI Apply To You?

If you store, process or transmit any cardholder data electronically or manually, then your business needs to comply.

You're allowed to store primary account numbers, cardholder names, service code and expiry dates, provided they're protected in line with PCI DSS requirements.

You're not allowed to store the following, and if you are storing any of it, you must remedy the oversight immediately:

  • Full magnetic stripe – track 2
  • CVC2/CVV2/CID
  • PIN/PIN block
  • Sensitive authentication data, even if encrypted

Why your business needs to comply

At Unified Payments, it's our duty to regularly report to VISA and MasterCard, letting them know the status of merchants' compliance with PCI DSS. Based on these reports, they select businesses to investigate, with those found to be non-compliant facing fines and fraud costs.

That's why complying with PCI DSS should be seen as an insurance policy, protecting your business from the financial costs of failing to secure card data.

Furthermore, working towards compliance helps improve your processes, allowing you to operate more securely.

If you have any questions regarding PCI compliance and your responsibilities, please contact a Unified Payments representative at info@unifiedpayments.com.