
PCI/DSS Security Compliance

Preventing Fraudulent Transactions

Any business or other entity that stores, processes or transmits cardholder data must ensure that its processes meet the Payment Card Industry / Data Security Standard (PCI/DSS). Failure to do so can result in heavy fines being levied. As an experienced and responsible merchant account provider, NTC aims to support the businesses we work with to ensure full compliance.

Understanding PCI/DSS

The PCI/DSS is a global standard defining acceptable practice for any entity involved in the storage, transmission or processing of cardholder data.

In recognition of the sensitive, confidential and valuable nature of this data, the standard imposes strict regulations which must be met in full. The full requirements are detailed, but they fall under 12 broad requirements. These are grouped into 6 broad control objectives as follows:

1. Build and Maintain a Secure Network and Systems
- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security parameters

2. Protect Cardholder Data
- Protect stored data (use encryption)
- Encrypt transmission of cardholder data and sensitive information across public networks

3. Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications

4. Implement Strong Access Control Measures
- Restrict access to data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data

5. Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes

6. Maintain an Information Security Policy
- Maintain a policy that addresses Information Security

Any entity handling card transactions must meet the standard and be able to demonstrate (certify) that it does so. The level of certification is flexible and depends on how transactions are processed and in what volume.


A Summary of Benefits

Achieving full compliance with PCI/DSS standards is more than an obligation. It delivers genuine benefits to businesses:

- Lessen the risk of fraudulent transactions

- Prevent security breaches

- Lessen the impact should a breach occur

- Reduce your business’ exposure to risk and liability

- Provide peace of mind for your customers

- Avoid the negative PR associated with data loss


Why are These Requirements in Place?

Card transactions have grown enormously in recent years as cards become the number 1 preferred form of payment. Since no physical money is handled or exchanged as part of these transactions they are dependent on the transfer of data.

That data therefore becomes sensitive and valuable and must be protected. Failure to protect this data can lead to fraud and theft. These crimes often impact both the card holder and the merchant directly. They can also damage or even destroy the reputation of businesses or organizations involved in hacks or data breaches.

More broadly, card fraud has the long-term detrimental effect of eroding consumer confidence and trust, both in the individual companies affected and in the card payment industry as a whole.

Millions of consumers and organizations worldwide are choosing to pay by card, and millions of businesses, professionals, traders and organizations are accepting and handling these payments. Instead of allowing an ad-hoc approach where each business sets its own level of security, the PCI/DSS was imposed. This ensures a uniformly high level of data security throughout the worldwide card payment industry.

How We Support Merchants

At NTC we don’t believe that your business should be deterred from handling card payments by these regulations. Instead, the standard should be viewed positively as a way to ensure that your customers’ data is handled with the respect and care they would expect. We aim to support responsible businesses as they work to meet the standard fully.

We recognize the necessity for modern businesses to offer customers the widest possible range of payment options. Our multiple services are designed to allow your business to deliver this choice. You can rest assured that each solution we offer has been developed with data security and compliance at its core.

We follow best practice to ensure compliance:

- End to End Encryption (E2EE)

By encrypting data at the point of entry and only decrypting it at the point of receipt you can be assured your customers’ details will be safe in transit.

- Secure Storage Centers

Your customers’ data is stored securely in full compliance with the relevant storage standards.

- Working Only With Compliant Companies

We only work with companies that treat their customers’ data with the respect it deserves.

- Ensuring Security in Evolving Areas

We are keen to promote new ways to pay such as e-commerce, mobile card readers and NFC. While doing so we are fully aware of the importance of focusing on security. We develop our products and solutions with this aim at their core.

What If A Data Breach Occurs

No business is completely immune to the sophisticated array of threats posed by modern hackers and other criminals. It’s important to understand that even with the very best systems and procedures in place a data breach can never be ruled out.

The average cost of correcting a data breach is between $25,000 and $50,000. With this in mind we have developed a PCI/DSS compliance program. This comes with the assurance that if a breach does occur we will offer comprehensive help and support to address the issue and minimize losses.

Should a breach occur we could be contacted by the relevant payment networks. Working together we would identify the nature and extent of the breach. You will be kept informed and we will offer comprehensive advice to allow you to protect your business.

If necessary we will connect you with qualified forensic investigators trained in the analysis of data breaches. Their investigation should enable you to address the specific system or process vulnerability that led to the breach.

Relevant payment network fines, fees and assessment costs may be retained by us (NTC) depending on the degree of compliance and coverage. Should a forensic audit be conducted, the fee may also be reimbursed. If these fees are not passed on to your business, this will minimize the cost to you as well as lessening the damage to your corporate reputation.

What Are the Results of Non-Compliance

We strongly urge all businesses we work with to take every possible step to ensure full compliance. Any merchant failing to meet the PCI/DSS standards will be responsible in full for all fees and fines.

Contact Us For Further Details

If you require further details on how our solutions meet PCI/DSS standards please feel free to contact us.


  • National Transaction Corporation
  • April 19, 2024