094 90 48200     Get SUPPORT

Aniar IT Services Blog

By accepting you will be accessing a service provided by a third-party external to https://www.aniar.ie/

PCI Compliance 101

PCI Compliance 101

Does your business accept credit cards? Of course it does. Regardless of what industry you are in, your customers are now using payment cards for a large portion of their retail transactions both online and in-store. To protect consumers, there has been a compliance standard enacted by credit card companies. Today we will look at this standard.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

Taking a Look at PCI 

PCI DSS was established in 2006 by credit card companies as a way to regulate business use of personal payment card information. That means all businesses. If your business processes or stores payment card information as a means of accepting digital payment, you need to maintain your PCI compliance. PCI DSS demands that businesses satisfactorily take the following steps:

  1. Change passwords from system default
  2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to “need to know” basis
  5. Assign user ID to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

While many businesses already do these things in the normal course of doing business, if you currently don’t and you still allow for the use of payment cards, your business could have a problem on its hands. 

Business Size and Compliance 

Once you understand what you need to do to be PCI compliant, you then need to comply with the standards of your business’ merchant status. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a business with more transactions has a better chance to foul up a situation concerning payment card compliance, they are required to do more to prove compliance than smaller businesses do. Here are the expectations for businesses in each merchant level:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level twos include:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

  • Perform an SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council record

Businesses that are non-compliant will face fines, extra scrutiny, or risk having the privilege of accepting payment cards officially revoked. If you have questions about the particulars of PCI DSS compliance, call the knowledgeable professionals at Aniar IT Services today at 094 90 48200 .

Tip of the Week: How to Effectively Communicate wi...
Storing Data Is More Complex than You Know


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, July 10 2020

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Business Computing Productivity Best Practices Privacy Cloud Email Innovation User Tips Workplace Tips Hosted Solutions Network Security Internet IT Support Microsoft Data Efficiency Hardware Software Hackers Google Data Backup Communication Data Recovery Business VoIP Small Business Tech Term Managed IT Services Cloud Computing Cybersecurity Smartphones Collaboration Mobile Devices IT Services Phishing Windows 10 Communications Android Computer Gadgets Backup Mobile Device Users Malware Business Continuity Browser Artificial Intelligence Saving Money Smartphone Outsourced IT Network Information Disaster Recovery Business Management Facebook Internet of Things Miscellaneous Windows Managed Service BDR Server Upgrade Spam Automation Passwords Router Chrome Office 365 How To Quick Tips Social Media Windows 7 Blockchain BYOD Paperless Office Holiday Apps Word Cybercrime Microsoft Office Computers Data Security Applications Data Storage Mobile Device Management Bandwidth Staff Data Breach Vulnerability Government Wi-Fi Operating System Remote Work Two-factor Authentication Patch Management Data Protection Save Money HIPAA Telephone System Ransomware Remote Monitoring Connectivity Settings Virtualization Money Display Managed IT Encryption Infrastructure Human Resources History Networking Processor Password Virtual Assistant Managed IT services Bring Your Own Device Redundancy Voice over Internet Protocol Vendor Management IT Management Business Technology Telephone Systems Hard Drive App Meetings Health Social Engineering Augmented Reality Google Drive Avoiding Downtime Education Managed Services Provider Identity Theft Servers Comparison Audit Vendor Procurement Private Cloud IT Plan Help Desk Google Docs OneNote Access Control Compliance Digital Signage Law Enforcement Big Data Sports Machine Learning Cryptocurrency Telephony Employee/Employer Relationship Website CES Unsupported Software Software as a Service Scam Training Fraud Mobile Office Business Intelligence Update Keyboard Content Management Spam Blocking Botnet VPN Computer Care Copiers Cortana Alert Save Time Remote Workers FENG Microchip Charger Hosted Computing Smartwatch Skype Peripheral Wireless Internet Procedure Document Management Camera Outlook Investment Printing Enterprise Content Management Mobility Going Green Legal Wiring Travel Virtual Reality Professional Services Amazon Web Services Accountants Development Password Manager Nanotechnology Proactive IT Tools Work/Life Balance Managed IT Service Search Engine ROI Personal Wireless Charging Inventory Start Menu Project Management Quick Tip USB Solid State Drive FinTech Printers Frequently Asked Questions Recovery Downtime Password Management Social Sync Multi-Factor Security Saving Time Office 5G Criminal Twitter Windows 10s Firewall Cabling Fiber Optics WiFi Messaging Business Mangement Smart Tech Screen Mirroring MSP Net Neutrality Millennials Digital Signature Bing GDPR Digitize Hacker Google Apps Employer-Employee Relationship Employee Bitcoin The Internet of Things Regulations Electronic Medical Records Wire Physical Security Entertainment Warranty Excel Root Cause Analysis NIST Supply Chain Management Addiction Unified Threat Management Cables Trend Micro Online Shopping HVAC Flash SMS Gmail Cast File Sharing ISP Value Workforce OLED Using Data Credit Cards PDF Remote Computing IT Assessment Workers Specifications Batteries PCI DSS Data Management Printer Tip of the week Trending Managed Services Public Cloud Mobile Computing Default App Shopping Evernote Cleaning HaaS Virtual Machine AI Recycling Devices Cryptomining Biometric Security Information Technology Windows Server 2008 R2 OneDrive Authentication Data loss Google Search Virtual Private Network Computer Fan YouTube Mouse Windows Server 2008 Practices Safe Mode Security Cameras Covid-19 Cache Software Tips Policy Smart Office HBO IT Infrastructure Social Network Shortcuts Hypervisor Remote Wireless eWaste Thought Leadership Remote Worker Database Telecommuting Manufacturing Computing Amazon Emergency Windows 10 Company Culture Public Speaking Presentation Managed Service Provider Lithium-ion battery Managing Stress Hiring/Firing Wireless Technology Tech Support Personal Information Safety IBM Fun Marketing Productivity Budget Financial Competition Customer Relationship Management IP Address Hard Drives Customer Service Search Regulation Domains CrashOverride