Data Security Requirements
Understanding Card Data Security Requirements
The Payment Card Industry Data Security Standards (PCI DSS) were created by the Payment Card Industry Security Standards Council (originally formed by Visa®, MasterCard®, Discover® and American Express®) to establish basic security standards for credit card processing.
By following these standards, you help protect your customers' sensitive card data while safeguarding your business. PCI DSS compliance can help you avoid legal issues resulting from security breaches, as well as fines imposed by the credit card companies for noncompliance.
You can start by following these basic PCI DSS data security requirements:
- Install and maintain a secure network firewall to protect cardholder data across public networks.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data, and encrypt transmission of cardholder data across open, public networks.
- Do not store or retain magnetic stripe data, PIN data or Address Verification System (AVS) data. Only the cardholder account number, name and expiration date should be retained after transaction authorization.
- Do not store or retain Card Validation Codes, the three-digit values printed in the signature panel of most cards (or the four-digit code printed on the front of an American Express card), after transaction authorization.
- Do not transmit cardholder account numbers to cardholders for Internet transactions.
- Use and regularly update anti-virus software on all systems commonly affected by malware and keep security patches up to date.
- Restrict access to cardholder data in your business on a "need-to-know" basis.
- Assign a unique ID to each person with computer access to cardholder data and use this ID to track access to the data.
Monitoring and Testing
- Maintain a policy that addresses information security for employees and contractors.
- Regularly test security systems and processes.
Whether you are a small retail shop with a single terminal or a large business with thousands of payment card customers, you will need to validate that you are PCI DSS compliant.
1. The first step is to complete a PCI DSS Self Assessment Questionnaire (SAQ). PNC Merchant Services is working with Trustwave® to provide validation services at a preferred price. Register on their site to access all of Trustwave's online resources.
2. If your business uses POS software instead of terminals to process card payments, you may need to answer an expanded questionnaire and participate in a PCI DSS Network Vulnerability Scan.
Important Information and Disclosures
Merchant Services are provided by PNC Merchant Services Company and are subject to credit approval. PNC Merchant Services is a registered trademark of The PNC Financial Services Group, Inc.
The PNC Financial Services Group, Inc. All rights reserved.