Understanding PCI

What is PCI?

PCI, short for PCI-DSS, stands for Payment Card Industry Data Security Standards. PCI-DSS provides information security standards for all organizations that collect, process, and store credit card data.

Why do I have to comply with PCI standards?

Any merchant that accepts credit and debit cards electronically, regardless of the type of system they use, is required to follow the card brands' rules regarding security. PCI-DSS states that protecting cardholder data is the responsibility of every merchant. The adopted common standards of PCI-DSS provide merchants with unified guidelines on how to protect sensitive data.

The requirements for PCI-DSS compliance range from making sure there is no sensitive card data stored on your systems, to following data security policies.

Where can I find a copy of the PCI-DSS standards?

The complete list of standards is available for download from the PCI Security Standards Council.

What is Qualpay’s relationship with Security Metrics?

As your Acquiring Bank, we provide you with a merchant account to process credit card payments. As part of our responsibilities to the card brands, we are required to make sure that every merchant is compliant with PCI-DSS. To make the process as easy as possible for all parties, we have partnered with Security Metrics, a security firm with deep expertise in PCI-DSS, to assist you with the process of validating compliance.

What services does Security Metrics offer?

Our agreement with Security Metrics includes three services. The first two are included with your Qualpay account at no additional cost.

  1. Scoping questionnaire. The scoping questionnaire is a series of questions that will determine which Self Assessment Questionnaire, or SAQ, you will need to complete.
  2. Online SAQ form.
  3. Scanning. If the scoping questionnaire indicates that system scanning is needed, a scanning service will be offered.

All results are transmitted automatically from Security Metrics to Qualpay. Qualpay will submit your SAQ and, if applicable, your scan results to the card brands on your behalf.

I already am compliant with PCI-DSS and can provide the attestation of compliance to Qualpay.

You are not required to use the Security Metrics service. You can use any vendor of your choosing. If you do choose to use a different vendor, please send us a copy of your most recent scan results and SAQ to pci@qualpay.com.

I have a Qualpay merchant account. How do I contact Security Metrics to start the PCI process?

If you need to contact Security Metrics, our Customer Support Team will be able to assist you.