Merchants who process over 1 million Mastercard or VISA transactions need to be concerned about data security and PCI compliance. Card companies like AMEX, Mastercard and VISA are increasing their emphasis on Level 2 merchants who fall into this category. We are seeing much greater attention paid to firms on the East Coast and West Coast to demonstrate compliance. It usually means that these merchants need to engage a QSA firm or have their own certified Internal Security Assessors to certify that they are compliant.
Some merchants we deal with thought they could just drop AMEX and carry on with other card companies. Really? Please keep in mind that there are five card companies that form the PCI Council. The problem is that demonstrating compliance with 286 controls in PCI DSS really means that you have to be able to show evidentiary support. It cannot be done overnight, and to achieve true compliance you have to have the systems and personnel to carry out the process. Folks, get busy and become serious about this issue. If your business is dependent on credit card transactions, then you need to take this seriously. It all starts with a simple email from your acquiring bank.