What is PCI Compliance?

GlobalOnePay, a division of Pivotal Payments, recognizes the need for the highest security available to protect our merchants and their customers. In compliance with PCI Data Security Standards, we have met and surpassed all requirements set forth as a Level 1 Service Provider.

What is PCI Compliance?

The Payment Card Industry (PCI), which includes Visa, MasterCard, American Express and other leading card brands, requires service providers, banks and high-volume merchants to follow strict security guidelines, including:

In accordance with these guidelines and with a third-party security assessment, GlobalOnePay has been issued a certificate of PCI Compliance toward the requirements of the Payment Card Industry (PCI) Data Security Standards (DSS) validation methods.

Becoming Compliant

Please complete the PCI questionnaire at https://globalonepay.pcitoolkit.com/version3. GlobalOnePay customers will have been sent an email with login information and instructions on completing the questionnaire. If you require assistance, contact our support team.

Who does PCI Compliance apply to?

PCI DSS requirements apply to all organizations or merchants who accept, transmit or store any cardholder data.

What exactly is 'cardholder data'?

Within the scope of PCI DSS are all cards branded with one of the five card association/brand logos that participate in the PCI SSC - American Express, Discover, JCB, MasterCard, and Visa International. That includes debit cards and prepaid cards in addition to credit cards.

If I only accept credit cards over the phone, does PCI still apply to me?

As mentioned above, any business that stores, processes or transmits cardholder data must be PCI compliant.

Where can I find the PCI Data Security Standards (PCI DSS)?

You can find them on the PCI SSC's Website using the link below:
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Are there different PCI compliance 'levels'?

Yes. There are four different merchant levels which are based on transaction volume over 12 months.

See the table below for the different Merchant levels as defined by Visa:

| MERCHANT LEVEL | DESCRIPTION |
|---|---|
| 1 | Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. |
| 2 | Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year. |
| 3 | Any merchant processing 20,000 to 1M Visa e-commerce transactions per year. |
| 4 | Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year. |

If my business has multiple locations, do I need to validate PCI Compliance for each location?

Yes. PCI compliance has to be validated by each location, or by each MID. If you have multiple locations, contact our support team for assistance.

What are the penalties for noncompliance?

Noncompliance can be very costly. Although the payment brands fine the acquiring bank and not the merchant directly, penalties make their way downstream and could result in increased transaction fees or even termination of the banking relationship. An acquiring bank faces fines of anywhere from $5,000 to $100,000 per month for PCI compliance violations.