PCI compliance

Update: This article has been updated on January 2019 to provide the most recent Self-Assessment Questionnaire – Form A to meet PCI compliance.

This article explains the importance of PCI compliance and how your business can meet legal requirements for compliance from the credit card industry.

If you have a merchant account with Rentec Direct, that you use to collect application fees online or if any of your tenants pay rent via credit card, you need to make sure you meet industry security requirements. Part of these requirements include proving that your business is PCI compliant.

PCI compliance is a legal requirement created by the credit card industry. All companies worldwide, no matter what merchant provider they use, must prove their PCI compliance if they process credit card payments.

PCI compliance is an important part of managing a business that processes any type of credit card payments. In order to prove that your business meets the PCI compliance requirements you need to follow a few important steps each year.

For 2017, everyone must make sure their business is PCI compliant by January 20, 2017.  

Merchants who have not validated PCI compliance will be charged a PCI Non-Compliance fee of $29.99 per month until a PCI compliant status is achieved.  Only Rentec Direct clients who have been approved for credit/debit card payment processing need to follow the PCI compliance guidelines. If you only process payments via ACH you do not need to do anything.

Rentec Direct has partnered with Forte, the leading provider of payment processing solutions, to offer you merchant services for your rental business. The information below on PCI compliance requirements have been provided by Forte to ensure that your business will meet the requirements of the Payment Card Industry.

As a business that accepts credit cards, you should be aware that your company is required by the Payment Card Industry to become compliant with the PCI Data Security Standards (PCI-DSS) for your systems and processes.

PCI Data Security Standards ensure that your business, your tenants and any credit card information your business has accessed are adequately protected from a security breach.

You are required to be compliant with the PCI-DSS at all times to protect the cardholder data you handle daily. If you do not comply, your sensitive data – and your customers’ sensitive data – are both at risk for compromise by a third-party.

There are two ways you can to meet PCI-DSS compliance:

  1. Self assessment – You may choose to do your own PCI compliance assessment by completing the Self-Assessment Questionnaire – Form A. While this form looks lengthy, completing the Self-Assessment is relatively straight forward since you do not store credit card data as a Rentec Direct credit card merchant. You can find more details on how to complete a PCI Self-Assessment below.

  2. Enroll in Forte’s PCI-DSS Compliance Program – For $7.99 a month you can enroll in Forte’s Compliance Program.The cost of the program includes online instruction and assistance with registration and completion of the PCI online questionnaire, individualized response for any questions you have in completing the questionnaire, notification of PCI compliant status and ongoing monthly vulnerability scans of your systems. For more information on Forte’s PCI-DSS Compliance Program CLICK HERE.

But I don’t store credit card information. Do I still have to complete the PCI compliance requirements?

Yes, even if you don’t store or touch any credit card information you still need to complete the compliance requirements. This is a rule from all the major credit card companies, not from Rentec Direct, and it’s imposed on all companies worldwide that accept credit cards.  In fact, the majority of Rentec Direct clients never physically touch a credit card, since most of the time your tenants are inputting their own payment information online.   However, just because you don’t store cardholder data doesn’t mean it can’t be stolen. To protect your tenants and your business, you still need to be PCI compliant to mitigate the risk of hackers and malicious software.

How to complete PCI Self Assessment?

To complete a PCI self assessment you need to fill out the Self-Assessment Questionnaire A*. This form is provided by the PCI Secutiry Standards Council and needs to be completed and returned to pci@forte.net or faxed to (469)342-8010.

Click Here to Access a Blank Self-Assessment Questionnaire A.

To help you complete your Questionnaire, we have provided a sample form for you.  Rentec Direct cannot complete the Questionnaire for you but you can use this sample as a reference for how to answer the Questionnaire.  Look for the red marks on the Sample form for which areas you need to complete on your own form.

Click Here to Access the Sample Completed Self-Assessment Questionnaire A

*The PCI Security Standards Council provides multiple versions of the Questionairre Form

How long does certification last?

Certification is good for 12 months as long as there are no major changes in the network.

What is PCI?

PCI is all about protecting card holder data. Prior to 2006, all of the major card brands (Visa, Mastercard, Discover, American Express and JCB) each had their own security requirements. In 2006, they decided there needed to be consistency in security requirements across the playing field. As a result, they created a group called the PCI Security Standards Council. The Council was tasked with creating a single, system-wide standard that would apply to all merchants, members and service providers globally.

The Council created a set of standards called the Payment Card Industry’s Data Security Standards (PCI-DSS). The PCI-DSS states that PCI Data Security Requirements apply to all members, merchants and service providers that store, process or transmit cardholder data.

Every merchant who processes, stores or transmits cardholder data is subject to PCI and must demonstrate compliance. This is a world-wide initiative.

You’ve worked hard to build your business. Secure both your success and your customers’ payment card data. Your customers depend on your to keep their information safe.