Attend IT Blog

Attend IT Limited has been serving the Brentford area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Let’s Help You Understand PCI Compliance

Let’s Help You Understand PCI Compliance

Nowadays, every business accepts payment cards. To protect people’s personal and financial information when conducting transactions using credit, debit, and gift cards, the companies that stand to lose the most if these transactions are compromised: Visa, Mastercard, Discover, and American Express, have implemented industry-wide compliance regulations. This regulation is called PCI DSS, short for Payment Card Index Digital Security Standard. Let’s take a brief look at this regulation.

Understanding PCI Compliance

The credit card companies listed above make up what is called the PCI Security Standards Council. They have created a mandate that any business who wants to accept payment cards needs to adhere to. That means every business. So from the largest multinational corporation to the smallest street vendor, if that company needs to accept payment by credit, debit, or affiliated gift cards, they need to be PCI compliant.

This means that any business that stores information or processes payment using digital payment cards would have to maintain PCI compliance. Here are 10 actions those business need to take to meet compliance regulations:

  1. Change passwords from system default
  2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to “need to know” basis
  5. Assign user ID to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don’t will likely be in breach of the regulation, and therefore, face the ire of PCI regulators. 

PCI and Business Size

According to PCI regulators, the size of your business is in direct proportion to the amount of risk you take on. That’s why PCI Security Council mandates break businesses into four different merchant levels. They are:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Let’s take a look at the responsibilities businesses in each merchant level have to stay PCI compliant:

Merchant Level #1
Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2
As transactions begin to decrease there are less stringent standards. Level two’s include:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3
Many medium-sized businesses will fall under this level and need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4
The majority of small business fall into level #4 status and like levels two and three need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council record

Data privacy is more important now than ever, and the payment card industry does a wonderful job policing their own. Companies found not to be in compliance with PCI DSS requirements face severe financial penalties, higher levels of scrutiny, and even the revocation of card processing privileges. 

If you would like to know more about PCI DSS compliance or any other regulation that concerns your information technology, call Attend IT Limited today at 020 8626 4485. 

Returning to Work During a Pandemic
Tip of the Week: How to Keep Your Wireless Printer...
 

Mobile? Grab this Article!

Qr Code

Tag Cloud

Technology Security Business Computing Productivity Network Security Cloud Best Practices Tip of the Week Business Managed IT Services Data Data Backup Data Recovery Hackers IT Services IT Support Innovation communications Hosted Solutions Disaster Recovery Software Backup Privacy VoIP Cybersecurity Malware Mobile Devices Small Business Efficiency Internet Saving Money Email Business Continuity Computer Cloud Computing Phishing Collaboration Hardware Business Management Outsourced IT Microsoft BDR Automation Information Technology User Tips Ransomware Productivity Smartphones IT Support Compliance Internet of Things Users Workplace Tips Workplace Strategy Quick Tips Smartphone Server Artificial Intelligence Communication Upgrade Risk Management Wi-Fi Mobile Device Management Network Managed IT Mobility Managed IT services Budget Training Spam Meetings Employee-Employer Relationship Covid-19 Gadgets Passwords BYOD Managed Service Provider Google Save Money Wireless Password Mobile Device Networking Human Resources Remote Avoiding Downtime Document Management Android Printing Information Windows 7 Remote Workers Social Media Microsoft Office VPN Remote Computing Chrome History Hosted Solution Router Instant Messaging Firewall Content Filtering Computers Data Management Cost Management Windows 10 Project Management MSP Monitoring Managed Service Virtual Private Network Help Desk Time Management Remote Work Video Conferencing Laptop Marketing Recovery Telephone Systems Government End of Support Hacker Personal Information Hard Drives Solid State Drive Current Events Encryption Battery Automobile Telephony Big Data Two-factor Authentication Audit Office Employer-Employee Relationship Value Saving Time Data Breach Data Storage Data Security Mobile Software as a Service Conferencing Redundancy Maintenance Devices Tech Term Proactive Computing Wireless Internet Hybrid Cloud Business Technology Printers IT Service Machine Learning Paperless Office Backup and Disaster Recovery Voice over Internet Protocol Mobile Office Manufacturing Customer Relationship Management AI Printer Managed Services Mobile Computing Proactive IT Social Engineering Transportation Going Green Browser Applications Private Cloud Operating System iPhone Health Windows Money Facebook Administration Colocation Windows 10 Advertising PDF Apps Legal Wireless Technology Flexibility Update Cybercrime Black Market Virtualization Shadow IT Disaster Education Application Save Time Work/Life Balance Office 365 Antivirus Holiday Entertainment HIPAA Phone System Analytics Electronic Medical Records Cleaning Hacking Smart Technology Vendor Management Samsung Company Culture App SaaS Upgrades Vulnerability The Internet of Things Dark Web Nanotechnology OneNote Business Intelligence Managed IT Service Data Protection Commerce Regulation Professional Services Travel Word Apple User Error Data Loss File Sharing Storage Lifestyle Evernote Workers Spyware intranet Blockchain IoT Analysis Chromebook Smart Tech Connectivity Streaming Media Content Filter Management Financial Technology Gamification Students Unified Communications Remote Monitoring Wasting Money Amazon Virtual Assistant Alexa for Business WPA3 File Storage Bandwidth Vendor Telephone Utility Computing Payroll SMB Downtime E-Commerce Payment Cards Break/Fix e-waste Employees Smartwatch Development Azure Active Directory Windows Server Cybersecurty Window 10 Online Storage Fiber Optics Windows Server 2008 Copiers Voiceover Internet Protocol Business Telephone Computer Repair Troubleshooting CRM Workstations Outsource IT PCI DSS Regulations Compliance Cost Remote Working Leadership Bitcoin Finance Infrastructure Videoconferencing Streaming Customer Service Copier Authentication Hiring/Firing RMM Windows 11 Cabling Going Paperless Inventory Management Employer/Employee Relationships Outsourcing How To Microsoft Outlook Files Regulations Paperless Solutions Microsoft 365 Strategy Consulting Decision Making Ergonomics Signage Customer Experience Robot Google Drive Miscellaneous Alert Law Enforcement Reputation Social Relocation Search Internet Exlporer Text Messaging Office Tips HaaS Video Games Scalability Humor How To Best Practice USB Virtual Reality Managing Stress Point of Sale Identity Theft Worker Commute Politics Experience Music Books Safety Emergency Worker Scam Computer Accessories Charger Computer Care Unsupported Software Television Business Strategy WiFi Unified Threat Management Consultant Touchscreen Emails Webinar IT solutions Windows 10s Hard Disk Drive iOS Computer Fan Root Cause Analysis Augmented Reality CrashOverride Settings Screen Mirroring Cast HBO IT Management IT Solutions WIndows Server 2008 Patch Management Outlook Shortcut Excel Sync Adobe Licensing Tablets NFL Windows Ink Google Maps Google Docs Microsoft Excel Sports Cortana Legislation Comparison Specifications Sales Retail Gifts Credit Cards FAQ Wireless Charging WannaCry Updates Microsoft Word eWaste Device Security Tech Support Fraud Edge Ciminal IT budget Identities Language Virus Websites Data Theft App store Mobile Security Identity Data Privacy Hard Drive Google Assistant Twitter Computer Forensics Gmail PowerPoint Memory Financial Bring Your Own Device Testing Camera Projects Display Co-Managed Services Hyperlink Wasting Time Accessory Peripheral Access Control Admin Keyboard Shortcuts Security Cameras Employee 5G Medical IT YouTube OneDrive Sabotage PC Server Maintenance Investment ROI Windows Server 2008 R2 Micrsosoft Digital Signage Processor Benchmarks Myths Threats Scams Managed Services Provider Facebook Privacy eCommerce Holidays Inventory Communitications Hosted Desktop Smart Devices Keyboard Net Neutrality Internet Service Provider Workstation Telework Audits Solutions Policy Procedure Organization Innovations Reviews Biometrics Computer Tips Work Windows 8.1 Voice Supply Chain Environment Workplace Strategies Print Management Healthcare SSD Remote Management Telephone System Print Database 2FA Virtual Desktop Proactive Management eSignature Cyberattack Cameras Digital Cameras Mixed Reality Displays