PCI DSS Compliance
How Trans-System International Company protects your payment card information.
Trans-System International Company ("TSI") takes the security of your payment card information seriously. This page describes our approach to compliance with the Payment Card Industry Data Security Standard ("PCI DSS") and what it means for customers who pay us by credit or debit card.
1. Our Commitment
Whenever you pay TSI by credit or debit card, your card information is handled in a manner designed to comply with PCI DSS, the security standard established and maintained by the PCI Security Standards Council (Visa, Mastercard, American Express, Discover, and JCB). We are committed to maintaining this compliance on an ongoing basis.
2. What PCI DSS Is
PCI DSS is a set of technical, operational, and administrative requirements that apply to any organization that accepts, processes, stores, or transmits payment card data. The current version is PCI DSS v4.0. The standard covers areas including:
- Building and maintaining a secure network and systems.
- Protecting account data with strong encryption and access controls.
- Maintaining a vulnerability-management program.
- Implementing strong access-control measures.
- Monitoring and testing networks regularly.
- Maintaining an information-security policy.
3. Our PCI Scope
TSI is a Level 4 merchant under the card-brand classification (fewer than 20,000 e-commerce transactions per year, or fewer than 1 million total card transactions per year across all channels). We self-assess annually using the Self-Assessment Questionnaire ("SAQ") category appropriate to our card-acceptance method.
Because TSI uses a hosted payment integration with our payment processor, card data is captured and tokenized by the processor directly — it does not pass through or rest on TSI's systems in clear-text form. This significantly reduces TSI's PCI scope.
4. How Card Data Flows
- You enter your card details into a payment form that connects directly to our PCI-compliant processor (FluidPay).
- The processor encrypts the card data in transit using TLS 1.2 or newer, sends it to the card brand network, and returns to TSI only a token and a transaction-status response.
- TSI stores the token (which has no value to an attacker outside the processor's environment) so we can reference the transaction for refunds, receipts, and customer service.
- TSI never receives or stores your full Primary Account Number ("PAN"), card-verification value ("CVV"/CVC), or magnetic-stripe data.
What TSI does NOT store: full card numbers (PAN), CVV/CVC codes, magnetic-stripe data, or PIN data. We only retain the last four digits and card brand for receipt and reconciliation purposes, plus the processor's transaction token.
5. Payment Processor
TSI uses FluidPay, a payment processor that maintains its own PCI DSS Level 1 Service Provider compliance. FluidPay's Attestation of Compliance ("AOC") is available on request from FluidPay directly. By using a Level 1-certified processor, TSI inherits a significant portion of the data-protection burden.
6. Technical Safeguards
- Encryption in transit — TLS 1.2 or higher on all customer-facing connections, with HSTS enforced.
- Network segmentation — payment flows are isolated from general business systems.
- Access control — role-based access with multi-factor authentication on administrative accounts; principle of least privilege.
- Audit logging — payment activity is logged with tamper-evident retention.
- Patching — critical security patches deployed within standard maintenance windows.
- Endpoint protection on all systems with access to the payment-processing environment.
7. Annual Attestation
TSI reviews and reaffirms its PCI compliance posture at least annually, including completing the appropriate SAQ and refreshing our vendor due diligence on the payment processor. Records of compliance review are retained internally.
8. Incident Response
TSI maintains an incident-response procedure that includes steps specific to payment-data incidents: immediate processor notification, internal containment, forensic investigation if warranted, and customer notification consistent with Texas Business and Commerce Code §521.053 and applicable card-brand operating rules.
9. Customer Best Practices
You can help protect your card data by:
- Only entering card details on the TSI payment page when the browser shows a padlock icon indicating a secure (HTTPS) connection.
- Keeping your devices and browsers up to date.
- Monitoring your card statements regularly.
- Notifying your card issuer immediately of any transaction you did not authorize.
- Never sending your full card number to TSI by email, SMS, or any other unsecured channel. We will never ask for it that way.
10. Reporting a Concern
If you believe your payment information may have been compromised in connection with a TSI transaction, contact us immediately:
Trans-System International Company
Attn: Security / PCI Compliance
174 Duke Trail
Weatherford, Texas 76088
Email: info@trans-sysintl.com
Phone: +1 254-294-1004
We will respond within one business day, work with our processor and the relevant card brands as appropriate, and provide guidance on next steps.
11. Related Documents
- Privacy Policy — how we handle personal information generally.
- Terms of Service — overall contractual terms governing your use of our services.
12. Changes
PCI DSS evolves, and so do our practices. We may update this page from time to time. The "Last Updated" date at the top reflects the most recent revision.