Rss Categories

TSYS And PCI Compliance


Occasionally, relaxed security by some merchants enables criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems. As a merchant, you are at the center of payment card transactions so it is imperative that you use standard security procedures and technologies to discourage theft of cardholder data.


What Do You Need To Do?

You, as a merchant, are required to be PCI-Compliant if you want to process credit cards. TSYS provides all of the tools you need to be compliant when signing up for their services.

What Does StudioCloud Do To Protect You?

StudioCloud is required to be PA-DSS compliant. We achieve this by storing all credit card information with TSYS as well as processing all credit card information through TSYS. In fact, StudioCloud never even has access to credit card information. When you process a credit card in StudioCloud you are actually processing the credit card in a specially built interface provided by TSYS. This protects your customers credit card information, protects you, and protects StudioCloud from any credit card liabilities.

What Does TSYS Do To Protect You?

TSYS requires that you be PCI-Compliant in order to process credit cards with them. As a courtesy to you they have a third party who will step you through the entire process of being PCI compliant. Unfortunately, there is an annual fee for that service which that third party charges TSYS and TSYS passes along those fees to you. 

As such TSYS also allows you to opt out of their third party PCI Compliance service and provide your own third party PCI compliance service. Please note that TSYS will initially charge you for the PCI-Compliance fees but once you have become PCI compliant through your own third party and provided TSYS with a certificate stating you are compliant from your third party they will refund the fees. Please talk to TSYS for specific details regarding this option.

Why Should I Be PCI-Compliant?

To protect your business in the event of credit card fraud.

What Happens If I Am Not PCI-Compliant And Something Bad Happens?

The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.

It is important to be familiar with your merchant account agreement, which should outline your exposure.


I Know Another Merchant Account Provider Which Doesn't Require That I Be PCI-Compliant To Use Them. Why?

It is not the responsibility of Merchant Account Providers to force merchants such as yourself from being PCI-Compliant. It is your responsibility. As such, some Merchant Account Providers should tell you that you have to be PCI-Compliant but they do not verify that you are. In this situation a merchant, such as yourself, could be faced with catastrophic fines if something bad happened. In StudioCloud's opinion this is a disservice to customers not to verify that they are PCI-Compliant because it opens them up to catastrophic penalties.

So Why Does TSYS Require It?

Both StudioCloud and TSYS do not want any of our customers to experience any penalties which could potentially put them out of business. As such, both StudioCloud and TSYS would rather have customers protected and safe then out of business.