PCI Compliance

Learn how complying with Payment Card Industry (PCI) security standards can help reduce your business’s risk of card fraud and data breaches. M&T’s PCI Secure Program guides you through the process.

Get the help you need to become PCI Compliant.

M&T is here to help with PCI Secure by SecurityMetrics. As one of our merchants, you’re automatically enrolled in this all-in-one PCI compliance solution. Select the link below to get started:

PCI Secure includes:

  • External Vulnerability Scan (3 IPs)
  • Online PCI Self Assessment Questionnaire (SAQ)
  • Online compliance reporting portal
  • Non-compliance notification
  • Compliance reporting to merchant processor
  • Compliance certificate
  • 24/7 live technical support
  • MobileScan
  • PANscan® (Card discovery software for 1 machine)
  • Breach Protection (Up to $100,000 reimbursement in case of a breach)

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 by the major card brands (i.e., Visa, MasterCard, American Express, Discover Financial Services, JCB International). All businesses that process, store, or transmit payment card data are required to implement the standard to prevent cardholder data theft. Your card-handling practices and processing environment determine which PCI DSS requirements apply to your business.

Who benefits from PCI compliance?

You and your customers do. As card security threats become more sophisticated, businesses struggle to keep up with the latest data security practices. PCI standards are continually updated to address these threats, providing the guidelines you need to help protect your business and your customers.

Did you know:

  • 58% of data breaches target small businesses
  • The average cost of a breach to a small business is $200K
  • 81 records are stolen every second
  • None of the breached organizations investigated by SecurityMetrics forensic investigators were found to be compliant with the PCI DSS

How do businesses become PCI compliant? What are the requirements?

Your specific PCI compliance requirements depend upon how you process card payments and the number of transactions you process annually. However, in general, you must demonstrate your business has taken effective steps to:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test your networks
  • Maintain an information security policy

Hiscox Cyber Readiness Report, 2019.
Breach Level Index.
SecurityMetrics Guide to PCI DSS Compliance, 2021.

Learn more about PCI compliance by exploring these resources:

Read the SecurityMetrics Guide to PCI Compliance

Check to see if your software or gateway is PCI compliant 

Check out webinars, videos, and white papers in SecurityMetrics's Learning Center

Unless otherwise specified, all advertised offers and terms and conditions of accounts and services are subject to change at any time without notice. After an account is opened or service begins, it is subject to its features, conditions and terms, which are subject to change at any time in accordance with applicable laws and agreements. Please contact an M&T representative for details.
M&T Bank Merchant Services® are available subject to completion of a Merchant Services application and credit approval. Merchant Services are provided subject to the terms and conditions of M&T Bank's Merchant Services Agreement. Availability of funds is subject to M&T Bank's Funds Availability Policy. Additional terms and conditions apply.
Trustwave is a third-party service provider unaffiliated with M&T Bank. M&T Bank is not the provider of such services and is not responsible or liable for the delivery of such services.