Attend IT Limited Blog

Let’s Help You Understand PCI Compliance

Nowadays, every business accepts payment cards. To protect people’s personal and financial information during credit, debit, and gift card transactions, the companies that stand to lose the most if those transactions are compromised (Visa, Mastercard, Discover, and American Express) have implemented an industry-wide compliance standard. This standard is called PCI DSS, short for Payment Card Industry Data Security Standard. Let’s take a brief look at it.

Understanding PCI Compliance

The card brands listed above make up what is called the PCI Security Standards Council. They have created a mandate that any business that wants to accept payment cards must adhere to. That means every business: from the largest multinational corporation to the smallest street vendor, any company that accepts payment by credit, debit, or affiliated gift cards needs to be PCI compliant.

This means that any business that stores cardholder information or processes payments using payment cards has to maintain PCI compliance. Here are 10 actions those businesses need to take to meet the compliance requirements:

  1. Change passwords from system default
  2. Install sufficient network security tools (antivirus, firewalls, etc.) to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to a “need to know” basis
  5. Assign a user ID to every user with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don’t will likely be in breach of the standard and therefore face the ire of PCI regulators.

PCI and Business Size

According to PCI regulators, the size of your business is in direct proportion to the amount of risk you take on. That’s why the PCI Security Standards Council’s mandates break businesses into four merchant levels. They are:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million and six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes fewer than 20,000 e-commerce payment card transactions, and fewer than one million payment card transactions overall, per year.

Let’s take a look at the responsibilities businesses in each merchant level have to stay PCI compliant:

Merchant Level #1
Doing massive business, online and otherwise, brings with it more responsibility. To maintain PCI compliance, Level 1 merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Scanning Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2
As transaction volume decreases, the standards become less stringent. Level 2 merchants need to:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3
Many medium-sized businesses will fall under this level and need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4
The majority of small businesses fall into Level 4 and, like Levels 2 and 3, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Data privacy is more important now than ever, and the payment card industry does a wonderful job policing its own. Companies found not to be in compliance with PCI DSS requirements face severe financial penalties, higher levels of scrutiny, and even the revocation of card processing privileges.

If you would like to know more about PCI DSS compliance or any other regulation that concerns your information technology, call Attend IT Limited today at 020 8626 4485. 