Let’s Help You Understand PCI Compliance

In the digital age, almost every business accepts payment cards. To protect people’s financial and personal information during credit, debit and gift card transactions, businesses should take serious steps. The companies that stand to be hurt the most when this information is lost, such as Mastercard, Visa, American Express and Discover, have industry-wide compliance regulations to protect themselves. This regulation is called PCI DSS, otherwise known as Payment Card Index Digital Security Standard. Today we’re going to take a look at this regulation.

Understanding PCI Compliance

The credit card companies we mentioned above make up what is called the PCI Security Standards. This mandate applies to any business that wants to accept payment cards. That basically means any business, as long as it accepts debit, credit and gift cards.

If your business stores information or processes payments using digital payment cards, it needs to be PCI compliant. Here are 10 actions you need to take to meet these regulations:

  • Install sufficient network security tools (antivirus, firewalls, and more) to protect card data
  • Restrict access to card data to a “need to know” basis
  • Assign a user ID to every user with access
  • Test your system security regularly
  • Encrypt transmission of card data across your networks and public networks
  • Change default passwords and make them complex
  • Protect physical and digital access to cardholder and card data
  • Train your staff on best practices of accepting payments
  • Maintain and monitor system security
  • Create written policies and procedures that emphasize the importance of securing cardholder data

Thankfully, most businesses already do these things to keep their data safe. Companies that don’t are in breach of regulation and can face major consequences.

PCI and Business Size

According to PCI regulators, the size of your business is in direct proportion to the amount of risk that comes with it. PCI Security Council mandates break businesses down into four different merchant levels:

  • Merchant Level #1: This is a business that processes over 6 million payment card transactions per year.
  • Merchant Level #2: This is a business that processes between one million and 6 million payment card transactions per year.
  • Merchant Level #3: This is a business that processes between 20,000 and one million payment card transactions per year.
  • Merchant Level #4: This is a business that processes fewer than 20,000 payment transactions and fewer than one million overall payment card transactions per year.

Here are the responsibilities for each merchant level:

Merchant Level #1

Doing a massive amount of business online brings along even more responsibility. PCI regulations state that Level #1 merchants need to:

  • Use a Qualified Security Assessor (QSA) to perform a yearly Report on Compliance (ROC)
  • Complete a quarterly network scan with an Approved Security Vendor (ASV)
  • Complete an Attestation of Compliance form for PCI Council records

Merchant Level #2

Level #2 businesses need to:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Complete a quarterly network scan with an ASV
  • Complete an Attestation of Compliance form for PCI Council records

Merchant Level #3

Medium-sized businesses that fall under Level #3 need to:

  • Perform an SAQ
  • Complete a quarterly network scan with an ASV
  • Complete an Attestation of Compliance form for PCI Council records

Merchant Level #4

Small businesses usually fall under this level and need to:

  • Perform an SAQ
  • Complete a quarterly network scan with an ASV
  • Complete an Attestation of Compliance form for PCI Council records

Data security and privacy are more important than ever, and the payment card industry does a great job policing them when it comes to card payments. If your business is found not to be in compliance with their regulations, you can face severe penalties and even have your privileges revoked. If you need help with these Payment Card Index Digital Security Standard regulations, give MyTek a call at 623-312-2440.
