 
News 
October 2017 Mandate Summary (10/1/2017)
Effective October 2017, the Card Brands will make modifications. Below are the highlights of the changes that will most affect you and your merchants:


 
 PCI DSS Compliance
All Merchants Must Be PCI Compliant!


Assistance Service Program  
Tinadre Inc has established a relationship with Security Metrics, a leading provider of PCI audit and scan services. They are certified by the PCI Security Council as a Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV). Enrolling with Security Metrics will provide you with access to trained professionals to help your business comply with the PCI DSS. They will work with you to conduct an analysis of your account, assist with any necessary remediation efforts and help you certify your compliance. The service will guide you through the completion of your PCI DSS Self-Assessment Questionnaire (SAQ) and includes (if applicable) the required quarterly scans of your processing systems. To learn more about Security Metrics and to initiate an analysis of your account, please choose from one of the following enrollment options:
  • Online: www.securitymetrics.com
  • Fax: see the enclosed PCI Enrollment Data Sheet
  • Mail: see the enclosed PCI Enrollment Data Sheet
  • Phone: call Security Metrics toll-free at (800) 557-4684

Frequently Asked Questions  
 
What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc. to facilitate industry-wide adoption of consistent data security measures on a global basis. The standard aims to increase awareness and promote best practices in the handling of sensitive information as a means of minimizing identity theft and fraudulent transactions.

NOTE: All merchants must read the PCI DSS.


Is PCI DSS new?
No. The framework of the PCI data security standards has existed in different forms for some time now and continues to evolve. You may be more familiar with the payment brands' programs that promote the adoption of the PCI DSS.
  • MasterCard: Site Data Protection (SDP) program
  • Visa: Cardholder Information Security Program (CISP)
  • Discover Network: Discover Information Security & Compliance (DISC)
  • American Express: Data Security Operating Policy

I only process a few hundred dollars a month. Does my merchant account still need to be PCI compliant?
Yes, all merchants, whether small or large, are required to be PCI compliant. The payment brands have collectively mandated PCI DSS compliance for any and all organizations that process, store or transmit payment cardholder data. Inherent in having a merchant account is the ability to handle cardholder data.


I already use a "PCI compliant" terminal/gateway. Doesn't that mean I am PCI compliant?
No. Use of a PCI compliant payment application is one aspect of the many PCI DSS requirements, which cover handling of sensitive data. Currently, the PCI DSS lists twelve requirements. These requirements are organized around the following principles:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Can I choose not to certify for PCI compliance?
PCI certification and compliance are mandatory! If you choose not to complete the self-assessment questionnaire (and applicable network scans), you may overlook certain data security practices that minimize your risk of a security breach. In the event that your business is compromised, you may be subject to substantial fines per payment brand. These fines would be in addition to the expenses and fraudulent transactions resulting from the breach. In light of the importance that data security has to the payment processing industry and consumers at large, we, as your service provider, will begin imposing a fee for each month that your account has not been validated as PCI compliant or in any given month your account is deemed non-compliant. Failure to validate compliance may result in the termination of your merchant account.


What do I need to do to validate my PCI DSS compliance?
We have established a relationship with Security Metrics, Inc., a leading provider of PCI audit and scan services. Security Metrics' service includes: assistance in determining which version of the Self-Assessment Questionnaire is appropriate for your business; administration of any applicable network scans; guidance on any necessary remediation efforts; and certification and validation of your account's compliance. These Security Metrics services are available to you as part of our PCI Compliance Assistance Service Program. You can take advantage of this opportunity by enrolling with Security Metrics via their Web site securitymetrics.com or by calling (800) 557-4684.


How long is the PCI compliance certification valid?
The PCI compliance certificate is valid for one year from the date the certificate is issued. To maintain your compliance, you are required to complete the PCI DSS self-assessment questionnaire annually and conduct any applicable network scan on a quarterly basis.


Do I have to use Security Metrics?
No. There are more than 130 qualified security assessors and approved scanning vendors. You are free to choose to certify with any vendor you like. However, if you choose to certify with another vendor you will be responsible for paying the full cost of the PCI Compliance analysis to that vendor. A list of approved vendors is available on the card association web site or at pcisecuritystandards.org.


What if I have already been certified or choose to certify through another Qualified Security Assessor (QSA)/Approved Scanning Vendor (ASV)?
If you have already been PCI DSS certified or if you choose to use another QSA/ASV, please submit your certification documentation to us via fax to (813) 866-0462.


 
 
Copyright © 2004-2018 Tinadre Inc.
Disclaimer - Important Consumer Information
The external links are provided strictly as a courtesy to our clients. When you click on a link to another site, you are leaving our site. Our company makes no representation as to the completeness or accuracy of information provided at these sites, nor is the company liable for any direct or indirect technical or system issues or any consequences arising out of your access to or your use of third-party technologies, sites, information and programs made available through this site. When you access one of these sites, you are leaving Tinarde.com and assume total responsibility and risk for your use of the sites you are linking to.
American Express account may require separate approval.
Tinadre Inc is a registered ISO of Wells Fargo Bank, N.A., Walnut Creek, CA