How you're protected against data beaches
As a member of the MainStream family, you'll receive Breach Protection Insurance, which helps businesses safeguard against the crippling effects of a data breach.
If this unfortunate event should occur, your business could be liable for the following expenses:
- A forensic audit when a data breach is suspected
- Card replacement costs and related expenses
- Assessments and fines levied by card sponsors for data breaches
- Even the fraudulent charges on the compromised cards
These fines add up very quickly! The good news is this new program eliminates the first $100,000 in PCI expenses.
Our PCI Compliance program helps protect your business against network breaches, physical loss, and even employee theft! Plus, it includes protection from data breaches due to network hacking, card skimming, key logging devices, and physical losses resulting from employee dishonesty or third-party theft of computer or paper records!With card fraud on the rise, it's important to take advantage of this great new opportunity and protect your business today!
How to log into the Aperia website
If you have PCI questions you can contact Aperia toll-free between the hours of 9:00AM EST- 7:00PM EST, Monday-Friday, at 844.216.2241 or visit www.pciapply.com to access your merchant portal using the following credentials:
User Name: 14-digit Merchant ID Number, i.e., 848700166XXXXX or 848700189XXXXX
Password: Last (5) digits of the MID plus the merchant’s UPPERCASE State abbreviation, i.e., XXXXXGA
Aperia’s Help Desk also offers interpreter support for a variety of languages including Spanish, French and Mandarin Chinese!
Discover why thousands of businesses trust MainStream
PCI Compliance FAQs
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment and prevent credit card fraud.
The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).
Essentially any merchant that has a Merchant ID (MID) is required to meet PCI compliance requirements.
Who is Aperia Solutions?
Aperia Solutions has led PCI compliance efforts on behalf of millions of merchants, providing self service tools and help desk support to heighten compliance levels with a minimum of cost and interruption.
We have partnered with Aperia to provide your business with a comprehensive set of PCI compliance tools and the support necessary to validate your business’s PCI compliance.
For more information visit: https://www.aperiasolutions.com/Compliance/Pci
Who has to be PCI Compliant? Do I have to do this?
PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data.
What happens if I do not comply?
Merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, costly forensic audits, brand damage, etc., should a breach event occur. Many acquiring banks are issuing fines for merchants who do not comply with PCI.
For a little upfront effort and cost to comply with PCI, you greatly help reduce your risk from facing these extremely unpleasant and costly consequences.
Why haven’t I heard anything from the card brands regarding PCI compliance?
The individual card brands are requiring that the Merchant Banks/Processors implement individual PCI compliance programs to educate merchants on compliance and ensure that they meet PCI compliance requirements.
They’ve required that all Merchant Banks/Processors have a plan in place to ensure that all of their merchants obtain and maintain compliance with the standard.
Most of the breaches you hear of in the news are large retailers, but many people do not realize that over 80% of compromises occur at small merchant locations.
What are the penalties for noncompliance?
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The card brands will most likely pass this fine on to the Merchant Acquirer until it eventually hits the merchant.
How do I get started?
If you have PCI related questions you can contact Aperia toll-free between the hours of 9:00AM EST- 7:00PM EST, Monday-Friday, at 844.216.2241 or visit http://www.pciapply.com/msms to access your merchant portal using the following credentials:
- User Name: 14-digit Merchant ID Number, i.e., 848700166XXXXX or 848700189XXXXX
- Password: Last (5) digits of the MID plus the merchant’s UPPERCASE State abbreviation, i.e., XXXXXGA
Aperia’s Help Desk also offers interpreter support for a variety of languages including Spanish, French and Mandarin Chinese!
If I only do the SAQ once a year and scan once a quarter, why am I being charged monthly?
Most banks have broken down the annual/quarterly cost for validating PCI compliance into monthly installments so that the price is easier to digest.
Can I switch to a new processor who doesn’t require compliance?
All Acquirers are responsible for ensuring that all of their merchants comply with the PCI Data Security Standard (DSS) requirements, therefore, all processors are required by the card brands to implement a PCI compliance program.
We’ve partnered with Aperia based on the fact that they provide the best value for our merchants and provide full support in helping you in the compliance process.
How long is this going to take?
The time it takes to achieve compliance is dependent upon how you process credit card data. If a vulnerability scan is not required, achieving compliance can be completed in a short amount of time.
My shopping cart/payment gateway/processing is outsourced, why is this my responsibility? If I am breached, wouldn’t it be their fault?
Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on your risk exposure and consequently reduce the effort to validate compliance. However, it does not mean you are exempt from PCI. All merchants are required to complete the SAQ annually at a minimum.
It also addresses internal security practices and procedures behind handling credit card data. One of the leading causes of data breaches is due to employee error or carelessness when handling sensitive information – this is why proper policies should be in place and a formal Security Awareness Training should be conducted.
Your business must protect cardholder data when you receive it, and process charge backs and refunds. You must also ensure that providers’ applications and card payment terminals comply with respective PCI standards and do not store sensitive cardholder data.
You should request a certificate of compliance annually from providers.
My payment application is already compliant - what else do I need to do?
Utilizing a compliant payment application is a best practice towards achieving compliance, but PCI compliance also covers data security, physical security and network security.
Can I just download a form from the web and fill it out?
It is extremely difficult to complete the standard PCI Self Assessment Questionnaire without assistance – it was written in a very technical language. We have partnered with Aperia to assist you in the compliance process and offer support as you are completing the SAQ.
Many of the questions in the SAQ require that you have a written Security Policy and a formal Security Awareness Training in place. Without a resource to assist in building the required Security Policy and conduct the formal training, this would be a very time consuming and costly task to complete.
If I only accept credit cards over the phone, does PCI still apply to me?
Yes. All businesses that store, process or transmit payment cardholder data must be PCI Compliant.
What’s a network security scan?
A network security scan involves an automated tool that checks your systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and Web applications based on the external-facing Internet protocol (IP) addresses. The scan will identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company’s private network.
As provided by an Approved Scanning Vendor (ASV’s) such as Aperia, the tool will not require you to install any software on your systems, and no denial-of-service attacks will be performed.
Note, typically only merchants with external facing IP address are required to have passing quarterly scans to validate PCI compliance.
Do I need vulnerability scanning to validate compliance?
If you electronically store cardholder data post authorization, or if your processing systems have any internet connectivity, a quarterly scan by a PCI SSC Approved Scanning Vendor (ASV) is required.
How often do I have to scan?
Every 90 days/once per quarter you’re required to submit a passing scan. Merchants and service providers should submit compliance documentation (successful scan reports) according to the timetable determined by their acquirer. Scans must be conducted by a PCI SSC Approved Scanning Vendor (ASV). Aperia is a PCI Approved Scanning Vendor.
I‘m a merchant that requires vulnerability scanning. I’m not technical, therefore, I cannot make changes to my system, what should I do?
Call Aperia and they’ll help you understand the vulnerabilities found on your scan report, if any. They’ll make recommendations on how to correct any problem areas, and arrange additional scans if needed.
- Simply call Aperia toll-free between the hours of 9:00AM EST- 7:00PM EST, Monday-Friday, at 844.216.2241 or visit pciapply.com to access their merchant portal using the following credentials:
- User Name: 14-digit Merchant ID Number, i.e., 848700166XXXXX or 848700189XXXXX
- Password: Last (5) digits of the MID plus the merchant’s UPPERCASE State abbreviation, i.e., XXXXXGA
- Aperia’s Help Desk also offers interpreter support for a variety of languages including Spanish, French and Mandarin Chinese!
If I’m running a business from my home, am I a serious target for hackers?
Yes, home users are arguably the most vulnerable simply because they’re usually not well protected.
Adopting a ‘path of least resistance’ model, intruders often zero-in on home users – exploiting their ‘always on’ broadband connections and typical home use programs such as chat, Internet games and P2P file-sharing programs.
Aperia’s scanning service allows home users and network administrators alike to identify and fix any security vulnerabilities on their desktop or laptop computers.
Where can I find the PCI Data Security Standards (PCI DSS)?
The Standard can be found on the PCI SSC’s Website:
https://www.pcisecuritystandards.org/security_standards/index.php
GET YOUR FREE CREDIT CARD PROCESSING QUOTE NOW
Who we are and what we do
Our mission is to provide your business with the best payment solutions available, to increase your profits, and provide service beyond your expectations
We're a leading merchant payment processing company that helps businesses from a wide range of industries with unique payment processing needs.
While most payment processors only talk about saving you money, we take a different approach and focus on building your business and developing lasting relationships.
We believe a merchant account doesn't need to be confusing, time consuming, or filled with hidden fees, and we strive to:
-
provide complete transparency to our team, clients and partners
-
always do the right thing
-
and eventually to change our industry for the better
When you decide to join our team, you get access to comprehensive list of services and solutions which simplify your payments processing and saves you time and money.
Ready to start a conversation?
Give us a call at (866) 674-1020, option 2, or click the button to send us a message and we'd be happy to help you save time, money, and simplify your payment processing!
Connect With Us
