Merchant PCI DSS Compliance
Whether you’re new to payment processing or looking to enhance your current security, understanding PCI DSS is key to protecting your customers and your business. We’re here to help merchants like you navigate these important standards with ease and confidence.
Merchant PCI DSS Compliance Validation
VikingCloud is Gravity Payments’ preferred vendor for PCI DSS compliance services. SecureTrust by VikingCloud is trusted by Gravity Payments to help you defend against cybercrime and meet PCI DSS compliance requirements.
How do I log into the SecureTrust Portal?
When your account is boarded to SecureTrust you will receive two emails: a welcome email and a second email with your account password.
- Once the welcome emails are received, navigate to portal.securetrust.com
- Log in with the username and password supplied by SecureTrust.
- Select “Get Started”. The SecureTrust wizard will then walk you through your PCI DSS compliance journey.
- If at any time you have questions or run into a problem, you can email us at [email protected] or call us at 866-701-4700 x1 for help.

PCI DSS Frequently Asked Questions:
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed by the Payment Card Industry Security Standards Council (PCI SSC) to reduce credit card data theft and fraud. It applies to ALL businesses that accept, process, store, or transmit cardholder data.
Where can I find the PCI Data Security Standards (PCI DSS)?
PCI Security Standards Council Website – The full PCI DSS standard, Document Library, Newsroom, Blogs, Certified Professionals, Compliance Solutions, and more can be found on the PCI SSC website.
PCI SSC Merchant Resources – A section within the PCI SSC site designed specifically for merchants. The merchant resource pages include guidance on PCI DSS scoping and a Threat Center covering topics such as malware, phishing, remote access, FAQs, and more.
PCI Data Security Standard (PCI DSS) – Navigate directly to the PCI DSS documents, Self-Assessment Questionnaires (SAQs), related training, and resources.
Is compliance with PCI DSS mandatory?
Yes, compliance with PCI DSS is mandatory for any business that accepts, processes, stores, or transmits cardholder data. While not a federal law, it is enforced by the major card brands and is a contractual requirement when you partner with banks and payment processors.
Why should my business be PCI-DSS compliant?
By ensuring a secure environment for processing credit card payments, you protect sensitive customer data, build trust, and avoid severe financial and legal repercussions. All businesses that accept credit cards are required to be compliant, which helps mitigate risks such as data breaches, fraud, and identity theft. Failure to comply can result in significant fines, increased transaction fees, and even the inability to process card payments.
What are the potential costs of a Data Breach?
Although adapting to PCI DSS standards can be challenging, adhering to PCI DSS significantly reduces the risk of expensive data breaches, which cost businesses an average of $7.68 million per incident. Notably, 60% of small to medium businesses fail within six months following a data breach.
Example costs of a breach:
- Merchant Processor Compromise fee – $5,000 – $50,000+
- Forensic Investigation – $12,000 to $100,000+
- Onsite QSA Assessment – $20,000 – $100,000
- Free Credit Check for affected customers – $10 – $30/card
- Card Re-Issuance Fee – $3 – $10/card
- Breach Notification to public – $2,000 – $10,000
- Tech Repairs – $5,000+
- Increased monthly processing fees, legal fees, and civil judgments
Are you a healthcare provider? There are additional costs for a payment information breach.
- Health and Human Services Fine – up to $1.5 Million/violation/year
- On-going credit monitoring for affected patients – $10/individual
- Federal Trade Commission Fines – $16,000/record
- Class Action Lawsuit – $1,000/record
- State Attorney General Fee – $150,000+
- Patient loss – 40%
What do I need to do to achieve PCI DSS Compliance?
Complete a Self-Assessment and Attestation of Compliance
To maintain PCI DSS compliance, merchants must complete and attest to a Self-Assessment Questionnaire (SAQ) annually and, when applicable, run an Approved Scanning Vendor (ASV) scan quarterly.
Gravity Payments partners with VikingCloud to offer the SecureTrust portal for merchants. SecureTrust simplifies the PCI DSS validation process by offering an intuitive, user-friendly design that eliminates complexity, guiding merchants through the compliance process including assistance on maintaining a passing quarterly ASV scan and script scanning (when applicable). If you need assistance, please reach out to SecureTrust or Gravity Payments, who are here to help you with your PCI DSS Compliance validation questions.
What is a PCI DSS ASV Scan?
A PCI DSS ASV scan is an external vulnerability scan performed by an Approved Scanning Vendor (ASV) to help your organization meet the Payment Card Industry Data Security Standard (PCI DSS) requirements. The scan checks your internet-facing systems for security weaknesses that could be used to compromise cardholder data.
An ASV scan is required at least once every three months (quarterly) for PCI DSS compliance, and also after any significant change to the network. Significant changes include new system components, changes in network topology, or new firewall rules.
SecureTrust by VikingCloud includes access to ASV scans. By default SecureTrust runs a scan once a month; however, where the requirement applies, a passing and attested ASV scan is required at least once every 90 days.
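The two rules above (a passing, attested scan at least every 90 days, plus a new passing scan after any significant network change) are easy to lose track of when a monthly scan fails or an attestation is forgotten. The following is an added illustration, not code from Gravity Payments, VikingCloud or SecureTrust: it keeps a small constructed scan history and change log and reports whether the ASV requirement is currently met and when the next scan is due. The `AsvScan`, `NetworkChange`, `asv_status` and `next_scan_due` names and the sample dates are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Maximum allowed gap between passing, attested ASV scans (from the FAQ above).
MAX_GAP_DAYS = 90


@dataclass(frozen=True)
class AsvScan:
    """One ASV scan result. Only scans that both passed and were attested count."""
    run_on: date
    passed: bool
    attested: bool


@dataclass(frozen=True)
class NetworkChange:
    """A significant change (new component, topology change, new firewall rule)."""
    occurred_on: date
    description: str


def passing_attested(scans, as_of):
    """Passing, attested scans on or before as_of, oldest first."""
    good = [s for s in scans if s.passed and s.attested and s.run_on <= as_of]
    return sorted(good, key=lambda s: s.run_on)


def asv_status(scans, changes, as_of):
    """Return (compliant, reasons) for the ASV scan requirement as of a date.

    A merchant is out of compliance if the most recent passing, attested scan
    is older than MAX_GAP_DAYS, or if any significant change has not yet been
    followed by a passing, attested scan.
    """
    good = passing_attested(scans, as_of)
    if not good:
        return False, ["no passing, attested ASV scan on record"]

    reasons = []
    latest = good[-1]
    age = (as_of - latest.run_on).days
    if age > MAX_GAP_DAYS:
        reasons.append(
            f"last passing attested scan is {age} days old (limit {MAX_GAP_DAYS})"
        )

    # Each significant change must be followed by a passing, attested scan.
    for change in changes:
        if change.occurred_on > as_of:
            continue
        if not any(s.run_on >= change.occurred_on for s in good):
            reasons.append(
                f"no passing scan since significant change on "
                f"{change.occurred_on.isoformat()}: {change.description}"
            )
    return (not reasons), reasons


def next_scan_due(scans, as_of):
    """Latest date by which the next passing, attested scan must be completed."""
    good = passing_attested(scans, as_of)
    if not good:
        return as_of  # overdue already: a scan is needed now
    return good[-1].run_on + timedelta(days=MAX_GAP_DAYS)


# Constructed sample history: a failed scan and an un-attested scan do not
# reset the 90-day clock; a firewall change requires a fresh passing scan.
SAMPLE_SCANS = [
    AsvScan(date(2024, 1, 10), passed=True, attested=True),
    AsvScan(date(2024, 4, 5), passed=True, attested=False),   # never attested
    AsvScan(date(2024, 4, 20), passed=False, attested=False),  # failed
    AsvScan(date(2024, 5, 2), passed=True, attested=True),
    AsvScan(date(2024, 6, 3), passed=True, attested=True),
]
SAMPLE_CHANGES = [
    NetworkChange(date(2024, 5, 20), "new inbound firewall rule (constructed)"),
]

if __name__ == "__main__":
    for when in (date(2024, 4, 25), date(2024, 5, 10), date(2024, 6, 1), date(2024, 6, 10)):
        ok, why = asv_status(SAMPLE_SCANS, SAMPLE_CHANGES, when)
        print(when, "compliant" if ok else "NOT compliant", why,
              "next due", next_scan_due(SAMPLE_SCANS, when))
```

Running the block walks the sample merchant through four dates: out of compliance in late April (the only counted scan is from January), back in compliance in May, out again on 1 June because the firewall change has not been rescanned, and compliant again once the 3 June scan passes and is attested.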
What is Breach Protection?
PCI DSS compliance greatly mitigates the risk of a data breach, but a breach can still occur. When enrolled in Gravity Payments’ SecureTrust by VikingCloud, breach protection is included.
Breach Protection
- Can cover up to 5 locations (MIDs)
- $100,000 coverage per MID
- $0 deductible
- $500,000 maximum per incident for Merchants with multiple MIDs enrolled in Breach Protection
- Covers forensic audit fees, card replacement costs and fines
How does Gravity Payments facilitate PCI DSS compliance?
Gravity Payments understands that navigating PCI DSS compliance can be complex. We are committed to helping our merchants achieve and maintain compliance, ensuring the security of payment card data. The specific requirements, and the way Gravity Payments facilitates compliance, differ based on your payment acceptance method: whether you accept payments through your business management software (integrated solution) or as a standalone solution (non-integrated solution).
Our goal is to simplify the compliance journey for all our merchants, allowing you to focus on running your business with confidence, knowing your payment processing is secure and compliant.