PCI Compliance





The creation of PCI and CISP standards has been needed for years. JSA Technologies supports this initiative and all like it. JSA Technologies' standards for internet and database security far exceed those of PCI certification. During the course of becoming PCI certified, JSA was recognized for having software that is unique and groundbreaking. Also, the processes and procedures that we follow are so outstanding that we were asked to share them with other companies so that they may follow our example.

Understanding PCI and what its impact is on your specific business is very important. We have found that there is a lot of misinformation and many assumptions about PCI.

Here are the things you should know about PCI compliance:

  1. PCI certification is a process by which Visa, through a third party agency, examines the infrastructure behind every business that processes credit card transactions. From the firewall to the encryption to the physical location of the servers, the standards cover many different areas that come into contact with the credit card transactions.
  2. There is a list that Visa publishes of the current PCI compliant vendors. Appearance on this list, however, takes two distinct steps. First, you must meet or exceed all the standards set forth by PCI. Second, you must have a financial institution perform a brief review of the business to determine that it is a business that is reputable and stable.
  3. If you are a business or college or university looking to accept credit cards as a form of payment, you need to first ask for the annual Visa compliance certification letter from the vendor you are thinking about doing business with. Second, you need to talk to your bank to determine if that vendor has been certified for PCI specifically by your bank.
  4. PCI regulations are always changing. It is important that you choose a vendor that is capable of maintaining certification.
  5. Each vendor is required to undergo an extensive external scan of the servers processing the credit card transactions. If the vendor passes the scan successfully, they will be provided with a monthly certificate signifying their ongoing compliance. Ask to see the monthly certificates as well.