As a valued Spectrum Merchant Services customer and a merchant accepting credit/debit cards for payment, you are required to become compliant with the Payment Card Industry Data Security Standards (PCI DSS). The PCI DSS details security requirements for members, merchants and service providers that store, process or transmit cardholder data. This means that the processes and applications by which your business processes and handles credit and debit card data must abide by the standards set forth by the PCI Security Standards Council. These standards were established by the major credit card associations. To demonstrate compliance with the PCI DSS, merchants are required to submit an attestation of compliance annually.

Spectrum Merchant Services has partnered with ControlScan to assist you in understanding and meeting the requirements needed to validate and maintain PCI compliance. ControlScan’s easy-to-use solution and detailed level of support make achieving compliance less complicated.  ControlScan’s PCI 1-2-3 compliance program will provide you with access to:

• ControlScan’s PCI 1-2-3 Self-Assessment Questionnaire
• ControlScan’s PCI 1-2-3 Policy Builder
• ControlScan’s PCI 1-2-3 Security Awareness Training
• ControlScan’s PCI 1-2-3 Scanning (if applicable)
• Knowledgeable support staff

It is YOUR responsibility, as a merchant accepting credit and debit card payments, to safeguard customer card data by becoming PCI compliant. Again, in order to comply with the card brands and avoid potentially hefty fines, Spectrum Merchant Services is requiring that all merchants meet PCI DSS requirements as soon as possible.

For more information about your PCI compliance programplease call ContolScan Support at 800-370-9180 or visit www.controlscan.com/sms.

Statistics supporting the need for a PCI program:

• In 2008 more than 285 million records were compromised in the 90 confirmed breaches contained in this study – exceeding the combined total 2004-2007!
• 81% of breach victims were not PCI compliant – The typical organization had met less than a third of the requirements in PCI. These breaches in general did not occur in organizations that were highly PCI compliant.
• Retail (31% of breaches) is the most affected industry, Food Beverage was third (14% of breaches)
• 26% of breaches occurred at businesses with 100 or fewer employees – almost one third of those had 10 or fewer employees
• 20% of breaches were caused by ‘internal’ sources – 7% of those were caused by business partners acting alone
• 73% of ‘attacks’ were committed by attackers with ‘low’ or ‘none’ special skills
• 28% of attacks were deemed ‘Random Opportunistic’ – the victim was identified while searching randomly for weaknesses in the business
• 32% of breaches the POS System was compromised
• 27% of breaches occurred in only ‘minutes’  - 49% of breaches took more than a month to be ‘discovered’