The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that every company that processes, stores, or transmits credit card information maintains a secure environment. The PCI DSS is administered and managed by the PCI Security Standards Council (PCI SSC), an independent body created by Visa, MasterCard, American Express, Discover, and JCB and launched on September 7, 2006, to manage PCI security standards and improve account security throughout the transaction process. Enforcing compliance is the responsibility of the payment brands and acquirers, not of the PCI SSC.
To enhance payment card data security, the PCI Security Standards Council (SSC) provides comprehensive standards and supporting materials, including specification frameworks, tools, measurements, and support resources, to help organizations keep cardholder information secure at all times. The PCI DSS is the cornerstone of the council's work: it provides the framework for building a complete payment card data security process that covers the prevention and detection of, and the appropriate response to, security incidents.
PCI DSS 3.2 Checklist for Compliance
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
In order to use our payments solutions, such as TotalPay and the Payments Platform, clients go through the process of creating a merchant account. One of the requirements placed on merchants is that they attest to their PCI-DSS status annually. The PCI-DSS scope for an AndDone merchant is very minimal, since all of the technology is hosted by AndDone and the insurance provider doesn't store or handle credit card data.
To make this attestation as simple as possible, we have contracted MAXpci, a PCI-DSS compliance firm, to offer our onboarded AndDone merchants a simple way to meet PCI-DSS requirements. The offer has been sent directly from MAXpci to our AndDone merchants. The information below will help you answer any questions.
What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to minimize theft and misuse of sensitive credit card data at every level of credit card processing.
Who has to comply?
- Member Banks - acquiring banks and card-issuing banks.
- Merchants - any merchant who accepts major card brands, including Visa, Mastercard, American Express, and Discover.
- Service Providers - internet gateways, shopping cart vendors, and hosting companies.
What is MAXpci?
MAXpci is a web-based PCI-DSS compliance firm. AndDone has contracted MAXpci to offer our merchants a simple way to meet PCI-DSS requirements.
MAXpci will send our merchants one email per month until the merchant either uses the MAXpci service or opts out.
Is my client required to use the MAXpci service?
No, but we recommend it. Our AndDone merchants can meet PCI-DSS requirements using any third party of their choosing. If a merchant is already PCI-DSS compliant, they can opt out of receiving emails from MAXpci.