PCI DSS (Payment Card Industries Data Security Standard) was developed by the major credit card companies as a guideline to help organizations that process, store or transmit card payments. The program helps prevent fraud, hacking, identity theft and various other security vulnerabilities and threats.

• Merchants are required to be PCI DSS Compliant. The compliance must be certified annually. • Minimize any cardholder data storage and protect any stored cardholder data. Eliminate CVV2 and magnetic stripe storage of any kind.

• Encrypt all transmission of cardholder data and sensitive information with truncation or a SSL.

• Do not provide cardholder data or a customer’s personal information over the telephone.

• Truncate the merchant’s copy and the customer’s copy of every receipt and end of day report printed.

• Institute a data security policy that each employee must follow.

• Do not impose a minimum or maximum amount to accept credit card transactions. • Do not impose any surcharges for customers using credit cards.

• Process refunds for merchandise returns or adjustments on the same credit card that was used for the initial purchase or transaction.

• Do not split transactions or process multiple transactions in effort to gain authorization from a sale. Always process the full amount in one transaction.

• Do not process transactions through your terminal for another merchant or any other individual at anytime.

• Do not use your personal credit card to process transactions through your merchant account at anytime.

• Notify Card Systems of any changes to your checking account. Notify American Express, Discover and lease company directly with changes.

• Have your terminal password protected on functions regarding security.