n late 2004, Visa U.S.A and MasterCard International announced a new security initiative known as the Payment Card Industry (PCI) Data Security Standard in an effort to standardize industry security requirements for storing, processing and transmitting cardholder data.

This new standard combines and expands on Visa's Cardholder Information Security Program (CISP) and MasterCard's Site Data Protection (SDP) Program. According to Visa and MasterCard, merchants and service providers must demonstrate PCI compliance to their respective acquirer(s) by using onsite reviews, security self-assessments and security scans.

The majority of acquirers have submitted the necessary paperwork to their respective processors to ensure that they operate within these guidelines and that all of the certified products they use meet PCI standards. While this means that the lion's share of the software and terminal products are in accordance with PCI compliance, merchants might still be using software or equipment that do not meet compliance standards, and not be aware of it.

For instance, it is a merchant's responsibility to contact his or her software provider to ensure compliance. If merchants do not meet the compliance requirements of the PCI program, then Visa and MasterCard may impose a non-compliance assessment directly on the merchants.

The trouble is that many small and mid-sized merchants are simply not aware of the PCI regulations.

It is the role of the card Associations, acquirers and, most importantly, merchant level salespeople to educate merchants on the new regulations. Not only will this help build a stronger relationship with customers, it will also open up new sales opportunities.

Merchants that currently use non-PCI compliant solutions will need to upgrade to new systems that are PCI-compliant. This means new software and equipment sales and a chance to review the merchants' processing rates.

The PCI program represents a vital part in our industry's wide-ranging approach to payment card security. The Associations designed the program to help service providers and their merchants protect cardholder and payment data and ensure the reliability and integrity of the payment-processing infrastructure.

By the same token, the PCI program will also reinforce cardholder confidence and reduce the potential threat to the overall payment processing industry.

Peter Scharnell is Vice President of Marketing for Electronic Exchange Systems (EXS), a national provider of merchant processing solutions. Founded in 1991, EXS offers ISO partner programs, innovative pricing, a complete product line, monthly phone/Web-based training, integration services and, most of all, credibility. For more information, visit EXS' Web site at www.exsprocessing.com or send an e-mail to Scharnell at peter.scharnell@exsprocessing.com . EXS is a registered ISO/MSP for HSBC Bank USA, National Association.