Introducing UMS Banking’s Credit Card Data Breach and PCI Security Program
(PCI = Payment Card Industry)

What is it all about and Why do I need it?

Several years ago the Visa, MasterCard, American
Express and Discover Associations got together to
work out how to stem the rising incidence of theft of
credit cardholders' information. They developed a 12
point program to prevent this.
The card associations have been slowly implementing
this plan, starting with the largest or most vulnerable
merchants first and working their way down. They
have also instituted a system and series of fines related
to breaches in security of cardholder information.
In order to avoid these fines and protect the cardholders,
merchants must show that they comply with their
"PCI Data Security Standards Program".
This flyer will help you understand the program,
how to protect yourself and your customers by
becoming compliant, and about new low-cost breach
protection now in place to protect your
business in the event of a data breach.

How do I become PCI Compliant?

There are 3 different paths you can take.
First, you can go out and hire experts to assist you. This can be very costly.
Second, you can enroll in an independent program.
Or third, the UMS Banking program can walk you
through the compliance maze.

The UMS Banking Program

We have made this as simple as possible for you.
Although there are 12 basic principles and 286 points
to becoming compliant, they boil down to 5 basic
requirements.
These are:
1. Each merchant must have a terminal which is PCI compliant. We will work to ensure this is the case.
2. Any merchant using a PED (PIN entry device) must be using a PCI compliant PIN pad, with Triple DES encryption. Again, we routinely work with our merchants on this.
3. Each merchant must have a policy in place to ensure the safeguarding of cardholder information. This varies depending upon the type of business you have and whether or not you store any cardholder information.
4. Every merchant must do a Self Assessment Questionnaire (SAQ) annually. There are several versions of this and it is important that the correct one for your business is selected. The SAQ really gives you the backbone for ensuring all necessary steps are in place in your business.
5. For merchants with an outward-facing IP address, you must undergo an "external scan" of your system quarterly to ensure that hackers cannot get in. If you use USAePay as your gateway provider, this is already done for you as part of their PCI service.

How UMS Banking Can Assist You

Part 1: Yearly SAQs Made Simple
Filling out a Self Assessment Questionnaire is a yearly requirement for all merchants. But knowing which SAQ to fill out and filling it out is a complicated process. So UMS has partnered with PCI Applications to host a new PCI compliance site where you log in and answer a few business language questions. Based on your answers, it will tell you which SAQ you need to complete. You can fill it out on the spot and save the results. You can also register completion of the SAQ with us. We will remind you next year when it is time to do it again.

Part 2: Breach Protection
Unfortunately, the reality of credit card fraud is not if, but when.
Being diligent, being PCI compliant
and hoping that you have all your bases covered does
not always prevent a breach.
Consider these real-life examples:
- Skimmers (small handheld devices) were used at Sam's Club gas
stations to steal credit card information from 600 customers.
- A hacker installed a keylogger (a computer program that
unbeknownst to you logs all keyboard strokes) to record every
character typed on 13 Kinko's computers in Manhattan and later sold
the data.
- A waitress in a Memphis restaurant used a magnetic card reader
to swipe credit card information from some 150 customers of her
employer's restaurant.
- A restaurant had a bank bag with all its credit card transactions
stolen.
- A salon in La Quinta, CA had 288 card numbers stolen.
- A computer server stocked with credit card information was stolen
during a burglary at a HoneyBaked Ham store.
Smaller merchants represent 86% of all security breaches.
In the event of a breach you need a backup. Even a small breach can be costly. So UMS Banking provides this needed backup to our customers today by providing our breach protection plan.

What does breach protection cover for you?

The program covers the financial impact of:
• A mandatory forensic audit required by the Payment Card Industry Data Security Standard (PCI DSS) when a data breach is suspected. This audit will confirm whether an actual breach has occurred and pinpoint where your system is most vulnerable.
• Card replacement costs and related expenses.
• PCI DSS assessments and fines resulting from a data breach.
AND… the best news is that the program covers you regardless of whether you are PCI compliant or not at the time of the breach!
The protection is $50,000 per MID (and $500,000 per occurrence for merchants with multiple MIDs)—with no deductible.

That's it—it's that easy!

It's easy to enjoy the protection—and the peace of mind—offered by our PCI Program. In fact, we'll automatically enroll your business in the program. You don't have to do anything! (The $6.95 charge will appear on your monthly billing statement.)
As a merchant taking credit cards, you are required to be PCI Compliant. Our program offers value above and beyond what we've seen in other programs at a cost we haven't found anywhere else.
Of course, the choice is yours – if you want to sign up with another program, you can opt out by providing evidence of enrollment in an alternate program.
On the other hand, it's easy to enjoy the protection and the peace of mind offered by our PCI Compliance Program. You don't have to do anything – the $6.95 charge will appear on your monthly billing statement.
We at UMS enjoy making your life simpler by providing you a superior program at a fraction of the cost!

Protect cardholder data.
Protect your business.

For further information visit the following websites:
www.visa.com/cisp
http://www.mastercard.us/security.html
https://www.pcisecuritystandards.org