
At Gravity Payments, we are making PCI Compliance simple and affordable for our clients.

PCI Compliance Made Easy. Enroll Today!

Simply follow the registration link below, and you’ll be on your way to becoming PCI Compliant.

Register now

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. 

Who needs to comply with the Gravity Payments PCI Compliance Program?

All merchants processing via IP (internet), regardless of processing volume, even if they are using compliant service providers. This means merchants processing over the internet using a terminal, a POS system, or a gateway.

What are the steps to becoming compliant? 

  1. Complete a Self Assessment Questionnaire (SAQ)
  2. Complete and provide evidence of a vulnerability scan from an approved vendor on a quarterly basis
  3. Complete the Attestation of Compliance
  4. Submit the SAQ/Attestation of Compliance and evidence of passing a scan to Gravity Payments

How does my business become compliant? 

We make the process easy and affordable for you. The first step is to enroll in our PCI Compliance Program, and you can do that by completing our simple registration form.

For just $85/year OR $10/month, you receive: 

  • Unlimited Assistance throughout the process
  • PCI 1-2-3 Self Assessment Questionnaire 
  • PCI 1-2-3 IP Scanning 
  • PCI 1-2-3 Policy Builder
  • PCI 1-2-3 Security Awareness Training 

If you would rather complete the program unassisted, point your browser to www.pcisecuritystandards.org. You will also need to find an approved vendor that provides secure quarterly IP scanning.

My payment application (POS, terminal, website) is already compliant. What else do I need to do? 

Utilizing a compliant payment application is a best practice, and is part of becoming compliant. PCI compliance also encompasses data security, physical security and network security. 

What is a network security scan? 

A network security scan involves an automated tool that checks a merchant’s network for vulnerabilities. The tool will conduct a non-intrusive scan and remotely review networks and web applications based on the external-facing internet protocol (IP) addresses provided by the merchant or service provider. The scan will identify security vulnerabilities in operating systems, services and devices that could be used by hackers to target private networks. You will not be required to install any software. 

Does my business need vulnerability scanning to validate compliance? 

If you electronically store cardholder data post-authorization or if your processing systems have any internet connectivity, a quarterly scan by a PCI DSS Approved Scanning Vendor (ASV) is required.

Where can I find the PCI Data Security Standards (PCI DSS)?

The Standard can be found on the PCI SSC website.

How can I become a Gravity Payments customer and take advantage of this program? 

That’s simple! Contact us today and we will take care of you. We look forward to hearing from you.