PCI Compliance


What is PCI DSS?

The Payment Card Industry Security Standards Council (PCI SSC) was created and partially funded as a joint effort between American Express, Discover, JCB, MasterCard, and VISA. PCI DSS (Payment Card Industry Data Security Standard) applies to “all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers.” PCI DSS establishes six basic goals broken into twelve requirements to ensure credit card transactions are processed securely. Each requirement is broken into multiple subsections, each with one or more testing procedures. More information can be found on the PCI SSC website.


What does this mean to ePAY Participants?

If you accept credit card payments, you must validate your PCI compliance annually or after any major change in your processing environment. Successful validation results in an Attestation of Compliance (AOC). The ePAY processor (JetPay/NCR) needs your PCI documentation to report compliance to the card brands.


How Can ePAY Help?

ePAY has always strived to provide secure electronic payment processing at low cost to all government entities in Illinois. In support of this goal, we are pleased with our partnership with SecureTrust, a Trustwave division and industry-leading Qualified Security Assessor (QSA) that provides Payment Card Industry Data Security Standard (PCI DSS) compliance services. As part of this partnership, all ePAY Participants who have converted to the new ePAY platform under NCR Payment Solutions will receive the following benefits at no additional cost:

  • PCI Portal to assist with completing and tracking annual SAQ validation  
  • PCI Network Vulnerability Scanning (up to 3 IPs)  
  • Security Policy Templates  
  • Network Security Health Check and Beacon  
  • $50,000 Breach Protection
  • 24/7 e-mail and phone customer support

In addition to these free services, Trustwave/SecureTrust also offers enhanced Qualified Security Assessor and Approved Scanning Vendor services. These services include hourly consulting, on-site assessments, penetration testing, annual security training, and more. For pricing and ordering information, please contact ePAYPCISupport@illinoistreasurer.gov.


More Ways to Ensure Compliance and Security

Introducing immediate encryption.

ePAY is proud to announce that P2PE POS devices are available for merchants through NCR, our payment processor.

Point-to-point encryption (P2PE) is a solution that keeps cardholder data secure even if a breach of the merchant's environment were to occur. As soon as a transaction occurs, the POS device encrypts the sensitive card data. Only this encrypted data then travels to our secure data center, where it is decrypted.

Point-to-Point Encryption

This process drastically reduces the PCI scope a merchant faces by reducing the number of questions they are required to answer in their PCI Self-Assessment Questionnaire (SAQ): because the merchant's systems never hold sensitive customer data in readable form, the merchant is no longer accountable for protecting it. This means it will take less time and be less expensive to remain PCI compliant.
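The two paragraphs above describe the P2PE flow (encrypt at the device, decrypt only at the processor) and why it shrinks the merchant's scope. The following Go program is an added illustration, not code from ePAY, NCR or the P2PE standard: it models the device and the processor as the only two parties holding an AES-256-GCM key, shows that the payload crossing the merchant's network contains no readable card number, and shows that anyone without the processor's key, or anyone who alters the payload, gets a rejection rather than data. The key handling, terminal ID binding and card number are constructed for the demo (a real P2PE device provisions its keys into tamper-resistant hardware).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Payload is what leaves the POS device and crosses the merchant's network:
// a nonce and ciphertext, never the PAN itself.
type Payload struct {
	TerminalID string // bound to the ciphertext as associated data
	Nonce      []byte
	Ciphertext []byte // PAN encrypted with AES-256-GCM, auth tag appended
}

// Endpoint is either the terminal or the processor: the only two key holders.
type Endpoint struct{ aead cipher.AEAD }

// NewEndpoint builds an AES-256-GCM endpoint from a 32-byte key. In this
// constructed demo the key is shared in memory; real devices keep it in hardware.
func NewEndpoint(key []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Endpoint{aead: aead}, nil
}

// NewSharedKey draws a random 256-bit key.
func NewSharedKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Encrypt runs at the terminal the moment the card is read. A fresh random
// nonce per transaction is required for GCM; the terminal ID is authenticated
// so a payload cannot be replayed as coming from another device.
func (e *Endpoint) Encrypt(pan, terminalID string) (Payload, error) {
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Payload{}, err
	}
	ct := e.aead.Seal(nil, nonce, []byte(pan), []byte(terminalID))
	return Payload{TerminalID: terminalID, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt runs at the processor's data center. GCM's tag check means a wrong
// key, a changed terminal ID or a flipped ciphertext bit all fail closed.
func (e *Endpoint) Decrypt(p Payload) (string, error) {
	pt, err := e.aead.Open(nil, p.Nonce, p.Ciphertext, []byte(p.TerminalID))
	if err != nil {
		return "", errors.New("payload rejected: authentication failed")
	}
	return string(pt), nil
}

// MerchantHoldsPAN asks the scope question the SAQ cares about: does anything
// the merchant stores or forwards contain the card number in readable form?
func MerchantHoldsPAN(p Payload, pan string) bool {
	return bytes.Contains(p.Ciphertext, []byte(pan)) || bytes.Contains(p.Nonce, []byte(pan))
}

func main() {
	key, _ := NewSharedKey()
	terminal, _ := NewEndpoint(key)
	processor, _ := NewEndpoint(key)
	pan := "4111111111111111" // well-known test card number, not a live account

	p, _ := terminal.Encrypt(pan, "TERM-0001")
	fmt.Printf("merchant network carries %d ciphertext bytes; PAN readable: %v\n",
		len(p.Ciphertext), MerchantHoldsPAN(p, pan))

	recovered, err := processor.Decrypt(p)
	fmt.Println("processor recovered:", recovered, "error:", err)

	p.Ciphertext[0] ^= 0x01 // simulate corruption or tampering in transit
	_, err = processor.Decrypt(p)
	fmt.Println("tampered payload:", err)
}
```

The scope argument in the text maps directly onto `MerchantHoldsPAN`: when the only thing a merchant's network, logs and databases ever see is the `Payload`, the SAQ questions about protecting stored cardholder data stop applying to that environment, while the processor, which holds the key, carries that responsibility instead.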

SAQ Difference