Chase Paymentech PCI Compliance Initiative For Level 4 Merchants

PCI DSS was introduced in 2004 and is endorsed by all the major card associations as the standard of due care for securing credit card information that is processed and/or transmitted by merchants and payment service providers. Merchant compliance requirements are segmented into four levels based on the number of transactions a merchant processes annually and the channel employed to accept those transactions. Compliance with PCI DSS is mandatory for all merchants.

Chase Paymentech will utilize AmbironTrustWave's Risk Profiler(SM) to help measure the degree of risk among a sampling of more than 18,000 of its Level 4 merchants. AmbironTrustWave's Risk Profiler is a web-based dynamic questionnaire that prompts merchants to answer questions about their acceptance channel, transaction volume and other parameters important in identifying risk. Once a merchant completes the questionnaire, a risk score is provided with recommended actions for the merchant to implement toward achieving PCI DSS compliance. The AmbironTrustWave Risk Profiler tool is supported by a robust, end-to-end communication platform that encourages merchants to take an active role in protecting cardholder information and their businesses.

AmbironTrustWave developed the Risk Profiler specifically to help acquirers manage PCI DSS compliance among their Level 4 merchant populations. While Level 4 merchants typically process the fewest number of credit card transactions, the risk to their customers' cardholder data is significant due to a lack of internal data security resources as well as a reliance on third-party technology, such as point-of-sale (POS) systems.

"Protecting credit card data is critically important for all merchants regardless of how many transactions they handle," said Michael L. Herman, Chief Compliance Officer at Chase Paymentech. "Our data has shown that smaller merchants are at risk of a data security breach as much, if not more so, than large, brand name merchants. It is in the best interests of consumers and merchants that we make every effort to ensure PCI DSS compliance across our entire portfolio."

"As PCI DSS compliance continues to gain momentum as a standard practice for conducting business in the payment industry, tools such as the Risk Profiler provide acquiring institutions with information they need to effectively drive PCI DSS compliance to their Level 4 merchants," added Robert J. McCullen, CEO of AmbironTrustWave. "We are pleased to be working with a market leader like Chase Paymentech to help their merchants protect cardholder information."