Visa’s CISP (Cardholder Information Security Program) and MasterCard’s SDP (Site Data Protection) programs are security initiatives that require merchants to safeguard card data. Visa and MasterCard, along with the other card brands, have adopted common industry security requirements referred to as the Payment Card Industry Data Security Standards (PCI DSS).
Customers and businesses using electronic forms of payment expect their cardholder data to be stored securely and privately. Member Service Group helps educate its merchants on the basics of data security and the mandatory industry requirements around the protection of data throughout the payment transaction process.
Yes. All entities (merchants or service providers) that store, process, or transmit cardholder data must comply with the PCI DSS. The requirements apply to all acceptance channels including retail (brick-and-mortar), mail/telephone order (MOTO) and eCommerce. Validation requirements vary depending on the number of transactions an entity processes.
For a list of the current PCI Data Security Standards, please visit PCI Security Standards Council.
Merchants and their services providers are allowed to store only the following data subsequent to authorization: