PCI DSS Compliance for Merchants
PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
As a merchant, you are part of the payment processing ecosystem and need to comply with PCI DSS requirements to protect your customers' credit card information.
This guide gives merchants who are customers of Dintero an overview of PCI DSS compliance requirements and best practices. It is not a substitute for professional advice from a qualified security expert.
Dintero's Responsibilities
Dintero is certified as a Level 1 Service Provider by the PCI Security Standards Council. This means that Dintero has undergone rigorous security assessments and has demonstrated its ability to meet the highest PCI DSS compliance requirements.
When you are using Dintero's payment processing services, all card data is encrypted and securely transmitted to our servers, so that you as a merchant cannot access or store it yourself.
Accepting credit card payments on your website, app, or in your physical store means you retain some PCI scope, even with a Dintero integration.
Your Role as a Dintero Merchant
While Dintero is a certified PCI DSS Level 1 Service Provider, you still have some responsibilities to ensure your own environment is secure. Your compliance is typically simplified to completing a Self-Assessment Questionnaire (SAQ).
Given that Dintero handles all sensitive card data, you will likely be eligible for SAQ A. This is the easiest and most common SAQ, as it applies to merchants who outsource all cardholder data processing to a PCI DSS-validated third party and do not store, process, or transmit any cardholder data on their own systems or premises.
Your Simplified Compliance Steps
- Understand Your Environment: Because Dintero handles the sensitive data, your "Cardholder Data Environment" (CDE) is limited. You must ensure that any system or network that interacts with your Dintero integration is secure.
- Complete the SAQ A: You are required to complete and submit an annual SAQ A to merchant-pci@dintero.com. This questionnaire attests that you do not store, process, or transmit cardholder data and that you are using a validated third-party service provider (Dintero) for payment processing.
- Secure Your Systems: Even though you don't handle card data directly, you must still maintain a secure environment. This includes:
  - Using strong passwords and unique user IDs for all systems.
  - Not using vendor-supplied defaults for system passwords and other security parameters.
  - Using and regularly updating antivirus software.
  - Protecting all systems from malware.
  - Having a formal security policy in place.
- Monitor Your Website: You must confirm that your site is not susceptible to attacks from scripts that could affect your e-commerce system(s).
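One concrete way to carry out the website check above, as an added example that is not Dintero's code or part of this guide: it assumes you keep an approved inventory of the scripts on your checkout page (the URLs, integrity value and inline body below are constructed placeholders) and compares the served page against it, flagging unlisted external scripts, listed scripts whose integrity attribute is missing or changed, and inline scripts whose hash is not approved.

```python
import base64
import hashlib
from html.parser import HTMLParser

def sri_sha384(source: str) -> str:
    """SRI-style 'sha384-<base64>' digest of a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(source.encode()).digest()).decode()

# Constructed allow-list for a hypothetical checkout page: external scripts keyed by URL
# with the integrity value approved at review time (placeholder); inline scripts by body hash.
APPROVED_EXTERNAL = {"https://checkout.example-merchant.test/app.js": "sha384-PLACEHOLDER"}
APPROVED_INLINE = {sri_sha384("window.checkoutConfig = {currency: 'NOK'};")}

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts, self._current = [], None  # each script as {src, integrity, body}
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "body": ""}
    def handle_data(self, data):
        if self._current is not None:
            self._current["body"] += data
    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None

def audit_scripts(html: str) -> list:
    # One finding per script that is unlisted, or listed but without the approved integrity.
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        if s["src"]:
            expected = APPROVED_EXTERNAL.get(s["src"])
            if expected is None:
                findings.append(f"unauthorized external script: {s['src']}")
            elif s["integrity"] != expected:
                findings.append(f"missing or changed integrity: {s['src']}")
        elif sri_sha384(s["body"].strip()) not in APPROVED_INLINE:
            findings.append(f"unauthorized inline script: {s['body'].strip()[:40]}")
    return findings

# Constructed sample page: the two approved scripts plus an unlisted third-party
# script standing in for one that appeared on the page without review.
SAMPLE_PAGE = """<html><head>
<script src="https://checkout.example-merchant.test/app.js" integrity="sha384-PLACEHOLDER"></script>
<script>window.checkoutConfig = {currency: 'NOK'};</script>
<script src="https://cdn.unknown-host.test/stats.js"></script></head><body></body></html>"""
```

Running `audit_scripts` against the page your server actually serves (fetched from the same URL a customer would use) on a schedule turns the annual attestation into a repeatable check; the sample page above yields exactly one finding, for the unlisted stats.js script.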
By following these steps, you can confidently demonstrate your PCI DSS compliance while leveraging Dintero's secure payment services.