What is PCI compliance and is it required?
PCI stands for Payment Card Industry. Validation of PCI compliance is a requirement that all merchants must follow to ensure the security of card holder data. These rules and criteria are set for by the Payment Card Security Counsel and are a requirement for doing business. To get further answers on FAQs regarding PCI compliance, please visit https://www.pcicomplianceguide.org/pci-faqs-2/.
If you use another merchant service, you may need to complete compliance with them, as well. Please contact your provider to learn more about their compliance with PCI-DSS or Payment Application Data Security Standard (PA-DSS).
Below you will see the lifecycle of data transmission when you run a credit card transaction. It is the transmission of data in the beginning, between your PC and MINDBODY servers, that we need to secure with PCI validation. Once your data is on MINDBODY servers, it is handled and transmitted securely by MINDBODY.
There are a few different reasons why you could be listed as "non-validated."
- You are new to MINDBODY Processing.
- You have not yet filled out the PCI validation questionnaire.
- You filled out the questionnaire but have not passed or completed the required scan.
- The PCI Validation we have on file has expired.
Is my business PCI compliant because MINDBODY is PCI compliant?
No. MINDBODY software is secure and covers most of your PCI needs but there's a distinction between PCI requirements for service providers (MINDBODY Online) and those for merchants (you) who accept credit cards from their customers. Merchants must meet their own PCI compliance standards.
As your service provider, we take the protection of customer and payment account data very seriously. We understand the risks and financial costs that a compromise can pose to your business. Our compliance with PCI DSS includes requiring all of our merchants to validate compliance status with us. We have taken steps to make the process as simple as possible for you. Click here to learn more about MINDBODY's PCI compliance info.
While participation in the PCI Compliance Service Assistance Program helps to significantly mitigate the risk of a security breach or data compromise, participation does not guarantee to prevent a security breach or data compromise. You must maintain the highest levels of data security at all times.
PCI Compliance assistance in the U.S.
- MINDBODY Processing (Transfirst) PCI compliance vendor is ControlScan.
- MINDBODY Processing (Elavon) PCI compliance vendor is Trustwave.
ControlScan and Trustwave are companies that provide expertise in PCI compliance for our merchants. They will assist you through the process of becoming validated and will report your compliance status directly to MINDBODY when you are done.
ControlScan (MINDBODY Processing - Transfirst)
They have an easy-to-use online portal that will take you through the process of validating your PCI compliance. Click here to learn about fees and the fee schedule for PCI for Transfirst merchants.
Trustwave (MINDBODY Processing - Elavon)
They have a step-by-step PCI guide and you can click here to learn about fees and completing compliance for Elavon merchants.
PCI Compliance assistance in Canada
- Elavon Canada compliance vendor is Sysnet. Click here to learn more.
- Paysafe compliance vendor is Security Metrics. Click here to learn more.
Why am I charged a PCI fee?
The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that accept, process, transmit, or store card payments to prevent credit card fraud by increasing controls and minimizing data exposure.
You are paying for the services of our PCI partners who can help you become compliant.
What if I am PCI compliant with another company?
Please send your PCI certificate to MINDBODY and we will submit it to your processor. Once it has been reviewed and approved you will not be required to meet the standards of our PCI program until your current program expires. At that time, you will be automatically enrolled in our PCI program.
You can submit your current PCI certificate to MINDBODY Merchant Support at firstname.lastname@example.org.