Payment Card Industry Data Security Standard (PCI DSS)

Welcome Aboard!
We thank you for choosing Optimal Payments to process your credit card transactions.
Data security has become a primary consideration for every type of business that accepts credit
cards and debit cards for the payment of goods or services. The five major card schemes,
including Visa and MasterCard, have established the Payment Card Industry Security Standards
Council (PCI SSC) to oversee the Payment Card Industry Data Security Standard (PCI DSS) and
to promote data security throughout the payment card industry.
All industry participants who transmit, process, and/or store cardholder data are now required to
comply with PCI DSS, and all payment applications must be validated and certified on a regular
basis as defined by the standard.
Validation Process
There are two main components of validation:
1. Completing the PCI Self-Assessment Questionnaire (SAQ) as defined by the standard
2. Potentially, undergoing quarterly network vulnerability scans performed by an Approved
Scanning Vendor (ASV)
For more information about PCI DSS please visit our website at
https://pcidss.optimalpayments.com. By complying with PCI DSS you will benefit from:
• Better protection for your customers’ personal data
• Increased customer confidence through improved data security
• Protection against financial losses and fines
Avoid Heavy Fines
Fines have been introduced by Visa and MasterCard for businesses that are compromised and are
found to not be compliant with PCI DSS. Fines can be considerable, so to protect your business,
it is vital that you become PCI DSS compliant and that you maintain compliance in the future.
Validation Service
To help your business meet its PCI DSS compliance requirements and to facilitate the validation
process, Optimal Payments has teamed up with SecurityMetrics, a PCI DSS–accredited
Qualified Security Assessor (QSA) and ASV.
We are pleased to be able to offer you a low-cost price of $204 per year (per external-facing IP)
for complete PCI DSS validation services. Merchants who do not require vulnerability scan
services will be billed only $35 per year. We would be happy to assist you in determining which
category you fall into. You will be invoiced in the month you request access to the validation
services and then annually thereafter unless you cancel the service. The fees cover your
validation activities through the SecurityMetrics portal as well as your official compliance
certificate, once achieved.
Compliance Requirements
You will have a grace period of 90 days to complete both the SAQ and, if required for your
business, a scan of all external-facing IP addresses. If you do not become compliant by this date,
you will be charged a non-compliance fee of $25 per month effective 90 days from your account
activation. This fee is in addition to other fees payable under your Merchant Services Agreement
with Optimal Payments and will be charged monthly until you successfully complete the
validation process. If you are already compliant, or you have become compliant with the
assistance of a qualified provider, you will need to submit your compliance certificate to avoid
being charged the non-compliance fee in subsequent months. This documentation may be
emailed to PCICompliance@optimalpayments.com.
To initiate your PCI DSS compliance validation process, please visit
https://www.securitymetrics.com/validation_type.adp and select Optimal Payments as your
Acquiring Bank or Merchant Processor.
Alternatively, you can contact our Customer Service team at 888-709-8753 or at
paymentprocessing@optimalpayments.com and they will help you register. We welcome any
questions or concerns you may have regarding PCI compliance.
We appreciate your selection of Optimal Payments as your payment service provider, and your
commitment to securing your customers’ cardholder data.
Yours faithfully,
Optimal Payments
www.optimalpayments.com

© 2010 OP Payments Inc. All Rights Reserved.
