IMPORTANT - EIN Presswire is proud to announce the launch of its AI-powered press release generator. Try it now!

There were 860 press releases posted in the last 24 hours and 401,731 in the last 365 days.

PCI DSS Compliance: Optional for Level IV Merchants?

Within the card payment space, there is a dangerous myth that PCI DSS compliance is optional for Level IV Merchants.

Merchants of all size must comply with PCI DSS if they accept even one credit card.
— Patrick Bass
SAN ANTONIO, TEXAS, USA, June 7, 2015 / -- There is a dangerous belief among many smaller merchants that PCI DSS compliance is optional. In fact, merchants of all sizes must comply with PCI DSS if they accept even one credit card. However, PCI DSS compliance reporting is at the discretion of the Level IV merchant’s acquiring bank. Unfortunately, for these merchants, they soon realize that compliance validation reporting does not negate PCI DSS compliance. If and when a breach happens, any merchants not compliant with PCI DSS face a number of fines and other punitive measures. This holds true for merchants of all levels.

“My best advice is to carefully read your merchant agreement,” said Patrick Bass, Co-Founder and Chief Executive Officer of InfoSecure. According to Bass, “The merchant’s agreement with their card processor carefully defines what is required with respect to security and PCI DSS. Larger merchants may be able to absorb the cost of hiring a forensic auditor, paying increased transaction fees, and monthly fines, but these costs have the real potential of forcing smaller businesses out of business.”

All in, a smaller business could endure the expense of a forensic auditor ($25K-$50K), monthly fines as determined by the acquiring bank and card brand, and several points of increased transaction fees. On an annualized basis, this could easily amount to $75K-$100K. Additionally, breached merchants must report at the Level I requirement for a period of time following a card breach. This removes the ability for a merchant to be self-assessed and adds the cost of hiring a PCI Qualified Security Assessor (QSA) to perform an annual Report on Compliance (ROC). Depending on scope and may other factors, this additional expense could tack on another $7-$25K dollars per year.

“As you can see, even if the bank isn’t requiring PCI DSS compliance reporting, it makes sense from a financial and risk perspective for merchants of all sizes to have a comprehensive credit card security program,” explained Bass. “As a leading provider of credit card security professional services, InfoSecure is ready to assist merchants with all aspects of their information security management system.” To add additional value, InfoSecure works closely with Qualified Security Assessor Companies (QSACs) to provide PCI DSS Reports on Compliance.

InfoSecure helps organizations of all sizes comply with PCI DSS. The professional services firm, headquartered in San Antonio, Texas, provides many services that service providers and merchants need for PCI DSS compliance.

* Internal/external penetration testing
* Risk assessment execution
* Disaster recovery / business continuity plan creation
* Policy and procedure development
* Incident response plan creation
* Architecture review
* PCI DSS Reports on Compliance
* Experian EI3PA Reports on Compliance
* ISO 27K Information Security Management System program development
* Staff augmentation
* IT auditing
* Firewall reviews
* Network reviews
* Vulnerability scanning
* PCI DSS consulting services
* PCI DSS Policy Template Toolkit

The company employs experienced professionals that include former CxO executives with the technical and business acumen needed to successfully manage complex security and compliance issues to completion.

Patrick closed with this remark, “We have impeccable references from A-list clients. As niche providers, we have optimized processes that help lower price points while increasing the value we are able to provide to our customers. We’d love the opportunity to demonstrate this value in a meaningful way and we are ready to help anyone who calls.”

For more information about InfoSecure, visit their corporate website at or call them 24/7 at 877-674-6965.

Patrick Bass
email us here