Payment Card Industry Data Security Standard
Faith Direct is fully compliant with the security standards set by the Payment Card Industry (PCI) Security Standards Council. As a Level One merchant, our systems are subject to the highest level of scrutiny defined in the Payment Card Industry Data Security Standard (PCI DSS). The systems and procedures practiced by Faith Direct meet or exceed each of the 12 requirements in the PCI DSS. Faith Direct's systems undergo quarterly external vulnerability scans and a comprehensive annual on-site assessment and recertification performed by a Qualified Security Assessor (QSA).
To download the Faith Direct Certificate of Compliance, click here.
To view the Faith Direct listing on Visa's and MasterCard's lists of compliant service providers, please visit the links below. http://usa.visa.com/download/merchants/cisp_list_of_cisp_compliant_service_providers.pdf http://www.mastercard.com/us/sdp/serviceproviders/compliant_serviceprovider.html
What is PCI?
The Payment Card Industry Data Security Standard is a comprehensive set of requirements designed to protect payment account data. These standards, known as the PCI DSS, were developed by the Payment Card Industry Security Standards Council and are accepted by all major payment brands, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. The PCI DSS has been broadly adopted so that all payment brands share a single, consistent data security standard, centrally maintained by the Council with participation from all parts of the payment card and security industries.
The PCI DSS takes a multifaceted approach to protecting payment card information. This approach, which includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, gives organizations a method for proactively protecting customer financial data. The core of the PCI DSS is a set of six control objectives and their accompanying requirements, around which the specific elements of the DSS are organized:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
All merchants, whether small or large, need to be PCI compliant. Enforcement of the PCI DSS is the responsibility of each payment brand, but because every brand has adopted the standard, every merchant that processes credit cards must be PCI DSS compliant. A merchant that does not validate its PCI compliance is subject to fines and may have its ability to process credit cards revoked.
For more information on the PCI DSS, please visit the website of the PCI Security Standards Council: https://www.pcisecuritystandards.org/