What is PCI Compliance?

PCI compliance means adhering to the Payment Card Industry Data Security Standard (PCI DSS), an industry-mandated security standard that applies to every business that stores, processes or transmits payment card data. The standard is maintained by the PCI Security Standards Council, founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

The PCI DSS framework is divided into 12 security requirements as follows:
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

Who Must Be PCI Compliant?

Any company that stores, processes or transmits cardholder data must be PCI compliant. These are primarily merchants and service providers.

Merchants and Service Providers

Merchants are authorized acceptors of payment cards in exchange for goods or services. Service providers are organizations that process, store or transmit cardholder data on behalf of others, including companies that provide services to merchants or to other service providers.

Merchant Levels

Level 1: Any merchant that processes more than 6 million Visa or MasterCard transactions annually
Level 2: Any merchant that processes between 1 million and 6 million credit card transactions annually
Level 3: Any merchant that processes between 20,000 and 1 million Visa e-commerce transactions annually
Level 4: All other merchants

Service Provider Levels

Level 1: All third-party providers and data storage entities that store, process or transmit cardholder data for Level 1 and Level 2 merchants
Level 2: All data storage entities that store, process or transmit cardholder data for Level 3 merchants
Level 3: All other entities

PCI Compliance Requirement for Merchants

Level 1: Annual onsite PCI data security assessment by a Qualified Security Assessor (QSA) and quarterly network scans by an Approved Scanning Vendor (ASV)
Level 2: Annual Self-Assessment Questionnaire (SAQ) and quarterly network scans by an ASV
Level 3: Annual SAQ and quarterly network scans by an ASV
Level 4: Annual SAQ and annual network scans by an ASV

PCI Compliance Requirement for Service Providers

Level 1: Annual onsite PCI data security assessment by a Qualified Security Assessor (QSA) and quarterly network scans by an Approved Scanning Vendor (ASV)
Level 2: Annual onsite PCI data security assessment by a QSA and quarterly network scans by an ASV
Level 3: Annual Self-Assessment Questionnaire (SAQ) and annual network scans by an ASV

Consequences of Not Complying

Fines can reach $500,000 per incident if cardholder data is compromised and the merchant is found to have been non-compliant at the time of the breach. Merchants also risk losing the ability to accept their customers' credit card transactions at all.

Benefits of PCI Compliance

The most direct benefit of PCI compliance is protection from the fines described above: a merchant that can demonstrate it was compliant when a compromise occurred is not exposed to the same penalties as one that cannot. Because compliance is validated at a point in time, the controls must be kept in place continuously, not just for the annual assessment.
