GlobalOnePay, a division of Pivotal Payments, recognizes the need for the highest security available to protect our merchants and their customers. In compliance with PCI Data Security Standards, we have met and surpassed all requirements set forth as a Level 1 Service Provider.
The Payment Card Industry (PCI), which includes Visa, MasterCard, American Express and other leading card brands, requires service providers, banks and high-volume merchants to follow strict security guidelines, including:
- Building and maintaining a secure network.
- Protecting cardholder data.
- Maintaining a vulnerability management program.
- Implementing strong access control measures.
- Regularly monitoring and testing networks.
- Maintaining an information security policy.
In accordance with these guidelines and with a third-party security assessment, GlobalOnePay has been issued a certificate of PCI Compliance toward the requirements of the Payment Card Industry (PCI) Data Security Standards (DSS) validation methods.
PCI DSS requirements apply to all organizations or merchants who accept, transmit or store any cardholder data.
Within the scope of PCI DSS are all cards branded with one of the five card association/brand logos that participate in the PCI SSC - American Express, Discover, JCB, MasterCard, and Visa International. That includes debit cards and prepaid cards in addition to credit cards.
As mentioned above, any business which stores, processes or transmits card holder data must be PCI compliant.
Yes. There are four different merchant levels which are based on transaction volume over 12 months.
See the table below for the different Merchant levels as defined by Visa:
Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year.
Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year.
Yes. PCI compliance has to be validated by each location, or by each MID. If you have multiple locations, contact our support team
Noncompliance can be very costly and although the payment brands fine the acquiring bank and not the merchant directly, penalties make their way downstream and could result in increased transaction fees or even termination of the banking relationship. An acquiring bank faces anywhere from $5,000 to $100,000 per month for PCI compliance violations.