Attend IT Limited Blog


Let’s Help You Understand PCI Compliance


Nowadays, almost every business accepts payment cards. To protect people’s personal and financial information when they pay by credit, debit, or gift card, the companies that stand to lose the most if those transactions are compromised (Visa, Mastercard, Discover, American Express, and JCB) have agreed on an industry-wide security standard. That standard is PCI DSS, short for Payment Card Industry Data Security Standard. It is not a law; it is a contractual requirement that the card brands and your acquiring bank impose on you as a condition of accepting cards. Let’s take a brief look at what it asks of you.

Understanding PCI Compliance

The card brands listed above founded and run the PCI Security Standards Council, which publishes and maintains the standard. The brands and the acquiring banks require any business that wants to accept payment cards to adhere to it. That means every business. So from the largest multinational corporation to the smallest street vendor, if a company accepts payment by credit, debit, or affiliated gift card, it needs to be PCI compliant.

This means that any business that stores, processes, or transmits cardholder data has to maintain PCI compliance. The standard groups its controls into 12 requirements; in plain terms, here are the actions a business needs to take to meet them:

  1. Change all vendor-supplied default passwords and settings before a system goes live
  2. Install and maintain network security controls (firewalls, anti-malware, etc.) that protect cardholder data
  3. Encrypt cardholder data when it is transmitted across open, public networks
  4. Restrict access to cardholder data to a “need to know” basis
  5. Assign a unique user ID to every person with access to system components, so actions can be traced to an individual
  6. Protect stored cardholder data and restrict physical access to it
  7. Track and monitor all access to network resources and cardholder data
  8. Test security systems and processes regularly
  9. Maintain written policies and procedures that address information security for all personnel
  10. Train your staff on best practices for handling payment cards
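Items 6 and 7 above, protecting stored cardholder data and monitoring access to it, are where many businesses trip up in practice: full card numbers quietly end up in application logs, CSV exports, and support tickets. The script below is an added example written for this article, not code from Attend IT Limited or from the PCI Security Standards Council. It runs a simple cardholder-data discovery pass over some constructed log lines, uses the Luhn checksum to separate real card numbers from look-alike identifiers such as order numbers and tracking codes, and masks what it finds down to the first six and last four digits, which is the most PCI DSS (version 3.2.1) allows to be displayed. The log lines, the card numbers (they are the standard published test numbers for Visa, Mastercard, and American Express) and the exact masking format are assumptions made for the example.

```python
import re
from typing import List, Tuple

# Constructed sample log lines for this example (not taken from any real system).
# The card numbers are the publicly documented Visa, Mastercard and American
# Express test numbers; the 16-digit session id and the 13-digit tracking number
# are decoys that look like card numbers but fail the Luhn check.
SAMPLE_LOG_LINES = [
    "2020-08-05T10:14:02Z INFO checkout ok order=10077 card=4111111111111111 amt=49.99",
    "2020-08-05T10:14:09Z DEBUG gateway retry pan=5500 0000 0000 0004 attempt=2",
    "2020-08-05T10:15:31Z INFO session id=9876543210987654 user=alice",
    "2020-08-05T10:16:00Z INFO refund card=378282246310005 amt=12.00",
    "2020-08-05T10:17:44Z INFO shipment tracking=1234567890123 carrier=ups",
]

# 13 to 19 digits, optionally separated by single spaces or dashes, and not glued
# to other digits. This is deliberately broad; the Luhn check below removes most
# false positives (order numbers, timestamps, tracking ids).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(raw: str) -> str:
    """Keep the first six and last four digits, star out the rest.

    Separators in the original text are preserved so the line stays readable.
    """
    n = sum(c.isdigit() for c in raw)
    out, seen = [], 0
    for c in raw:
        if c.isdigit():
            out.append(c if seen < 6 or seen >= n - 4 else "*")
            seen += 1
        else:
            out.append(c)
    return "".join(out)


def redact_line(line: str) -> Tuple[str, int]:
    """Mask every Luhn-valid card number in a line; return (new_line, hits)."""
    hits = 0

    def _replace(m) -> str:
        nonlocal hits
        raw = m.group(0)
        if luhn_ok(re.sub(r"[ -]", "", raw)):
            hits += 1
            return mask_pan(raw)
        return raw              # looked like a card number but is not one

    return PAN_CANDIDATE.sub(_replace, line), hits


def scan(lines: List[str]) -> List[Tuple[int, int, str]]:
    """Return (line_number, pan_count, redacted_line) for lines holding a PAN."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        redacted, hits = redact_line(line)
        if hits:
            findings.append((lineno, hits, redacted))
    return findings


if __name__ == "__main__":
    for lineno, hits, redacted in scan(SAMPLE_LOG_LINES):
        print(f"line {lineno}: {hits} card number(s) found -> {redacted}")
```

Running this against real logs, exports, and ticketing data on a schedule (and fixing the code path that wrote the number in the first place) is the kind of evidence an assessor will ask for under the “protect stored cardholder data” requirement. Note that the Luhn check only filters obvious decoys; a number that happens to pass it still needs a human to confirm it is a card.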

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don’t will be out of compliance, and it is their acquiring bank and the card brands, not a government regulator, who enforce the standard and impose the consequences.

PCI and Business Size

The card brands tie the level of scrutiny to how many card transactions you process, not to how many staff you employ: the more transactions, the more damage a breach would do. Each brand therefore sorts merchants into four levels. The thresholds below are Visa’s; the other brands use very similar ones. They are:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year (across all channels), or any merchant a card brand designates as Level 1, for example after a breach.
  • Merchant Level #2 - A business that processes between one million and six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes fewer than 20,000 e-commerce payment card transactions, and fewer than one million payment card transactions overall, per year.

Let’s take a look at the responsibilities businesses in each merchant level have to stay PCI compliant:

Merchant Level #1
Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level 1 merchants need to:

  • Undergo a yearly on-site assessment resulting in a Report on Compliance (ROC), performed by a Qualified Security Assessor (QSA) or a qualified Internal Security Assessor (ISA)
  • Have an Approved Scanning Vendor (ASV) complete a quarterly external vulnerability scan
  • Complete an Attestation of Compliance (AOC) form and submit it to their acquiring bank or card brand

Merchant Level #2
Below that volume the validation requirements ease. Level 2 merchants need to:

  • Complete a yearly Self-Assessment Questionnaire (SAQ); which SAQ applies depends on how you handle cards, for example fully outsourced e-commerce uses a much shorter one than a shop with its own card terminals
  • Have an ASV complete a quarterly external vulnerability scan
  • Complete an Attestation of Compliance (AOC) form and submit it to their acquiring bank or card brand

Merchant Level #3
Many medium-sized businesses will fall under this level and need to:

  • Complete a yearly SAQ
  • Have an ASV complete a quarterly external vulnerability scan
  • Complete an Attestation of Compliance (AOC) form and submit it to their acquiring bank or card brand

Merchant Level #4
The majority of small businesses fall into Level 4, and like Levels 2 and 3 need to:

  • Complete a yearly SAQ
  • Have an ASV complete a quarterly external vulnerability scan, where their acquiring bank requires it
  • Complete an Attestation of Compliance (AOC) form and submit it to their acquiring bank or card brand

For Level 4 the exact validation requirements are set by the acquiring bank, so check with yours rather than assuming the lightest option applies.

Data privacy is more important now than ever, and the payment card industry does a thorough job of policing its own. Companies found not to be in compliance with PCI DSS requirements face financial penalties (levied by the card brands and passed on by the acquiring bank), higher levels of scrutiny, and even the loss of their card processing privileges. Being out of compliance at the time of a breach is what turns a bad week into a business-ending one.

If you would like to know more about PCI DSS compliance or any other regulation that concerns your information technology, call Attend IT Limited today at 020 8626 4485. 
