Resource Center

When customers offer their bankcard at the point of sale, over the Internet, on the phone, or through the mail, they want assurance that their account information is safe. The Cardholder Information Security Program (CISP) is intended to protect cardholder data – wherever it resides – ensuring that members, merchants, and service providers maintain the highest information security standard. In 2004, the CISP requirements were incorporated into an industry standard known as the Payment Card Industry (PCI) Data Security Standard (DSS). Following is a summary of the PCI DSS which must be followed by all merchants:

Payment Card Industry Data Security Standard Summary (84kb PDF)

Visa^® and MasterCard are committed to ensuring the safety and security of their payment systems and cardholder's confidence in shopping with payment cards. The appropriate Payment Card Industry Self Assessment Questionnaire must be completed annually by any merchant that captures, transmits or stores credit and debit card data. Completed questionnaires can be faxed to Merchant Risk Management at 207-753-3398. Please contact customer service at 800-348-4025 with any questions on completing this form.

• Self Assessment Questionnaire (SAQ) Instructions (172kb PDF) Instructions and guidelines for selecting and completing the appropriate PCI Data Security Standard (DSS) SAQ
• SAQ A (48kb PDF) For merchants who do not store, process or transmit electronic cardholder data
• SAQ B (58kb PDF) For merchants who use imprint machines or stand-alone dial-out terminals and who do not store electronic cardholder data
• SAQ C (71kb PDF) For merchants who use the online payment application, but do not store electronic cardholder data
• SAQ D (188kb PDF) For all other merchants and service provides required to complete the SAQ