Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

PCI Compliance 101

PCI Compliance 101

Does your business accept credit cards? Of course it does. Regardless of what industry you are in, your customers are now using payment cards for a large portion of their retail transactions both online and in-store. To protect consumers, there has been a compliance standard enacted by credit card companies. Today we will look at this standard.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

Taking a Look at PCI 

PCI DSS was established in 2006 by credit card companies as a way to regulate business use of personal payment card information. That means all businesses. If your business processes or stores payment card information as a means of accepting digital payment, you need to maintain your PCI compliance. PCI DSS demands that businesses satisfactorily take the following steps:

  1. Change passwords from system default
  2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to “need to know” basis
  5. Assign user ID to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

While many businesses already do these things in the normal course of doing business, if you currently don’t and you still allow for the use of payment cards, your business could have a problem on its hands. 

Business Size and Compliance 

Once you understand what you need to do to be PCI compliant, you then need to comply with the standards of your business’ merchant status. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a business with more transactions has a better chance to foul up a situation concerning payment card compliance, they are required to do more to prove compliance than smaller businesses do. Here are the expectations for businesses in each merchant level:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level twos include:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

  • Perform an SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council record

Businesses that are non-compliant will face fines, extra scrutiny, or risk having the privilege of accepting payment cards officially revoked. If you have questions about the particulars of PCI DSS compliance, call the knowledgeable professionals at Total Tech Care today at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 24 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Google Business Network Security Microsoft Internet Email Malware Backup Workplace Tips Innovation Data User Tips Computer Mobile Devices IT Services Hardware Disaster Recovery Android VoIP communications Communication Business Continuity IT Support Smartphones Smartphone Miscellaneous Mobile Device Small Business Network Browser Collaboration Productivity Cybersecurity Quick Tips Business Management Users Phishing Upgrade Windows Managed IT Services Outsourced IT Ransomware Data Backup Windows 10 Data Recovery Office Cloud Computing Server Save Money Passwords Windows 10 Saving Money Gadgets Holiday Social Media Tech Term Chrome Virtualization Managed IT Services Automation Managed Service Microsoft Office Facebook Artificial Intelligence Cybercrime Operating System Computers Internet of Things BYOD Mobile Device Management Networking Wi-Fi Health IT Support Hacking Information Technology Covid-19 Alert Information Managed Service Provider Spam Remote Office 365 Telephone Systems BDR Bandwidth Recovery Employer-Employee Relationship Social Engineering Mobility Router Law Enforcement App History Application Human Resources Password Money Big Data Encryption Remote Monitoring Applications Data Breach Mobile Computing Office Tips Training Blockchain Private Cloud Paperless Office How To VPN Managed IT Apps Remote Computing Data Storage Patch Management Mobile Office Government IT solutions Entertainment Wireless Website Data Security Budget Gmail Settings Bring Your Own Device Data Management Work/Life Balance Infrastructure Voice over Internet Protocol Two-factor Authentication Vulnerability Mouse Windows 7 HaaS Word Google Drive Servers Flexibility Marketing Avoiding Downtime WiFi Vendor The Internet of Things USB Managed Services Lithium-ion battery Software as a Service Display Telephone System Staff Save Time Machine Learning Connectivity Remote Work Employee/Employer Relationship Firewall Cleaning RMM Virtual Reality Apple Conferencing End of Support Social Education Physical Security Scam Safety User Error Data Protection HIPAA Sports Meetings Redundancy Keyboard Vendor Management Risk Management Hacker Printer Access Control Compliance Bluetooth Managed Services Provider OneNote Computer Care Current Events DDoS Virtual Assistant Authentication Document Management Telephony Database SharePoint Solid State Drive Wireless Technology Samsung Downtime Remote Workers How to IT Consultant Processor Value Update Data storage Customer Service Environment Automobile Spam Blocking Electronic Medical Records Humor Hard Drive Google Docs Fax Server Identity Theft Computing Infrastructure Hiring/Firing Going Green SaaS Computing Battery Augmented Reality Fraud Shadow IT Network Congestion eWaste Legal Business Intelligence Digital Signage Remote Worker Audit Internet Exlporer Worker Cryptocurrency IT Management Virus Botnet PDF Wearable Technology Unified Threat Management Procurement IT Plan Comparison Net Neutrality Retail Workplace Strategy Hard Drives Computer Accessories Instant Messaging Proactive IT Help Desk Robot Excel CES Unsupported Software Printing Best Practice Biometrics YouTube Charger Black Market Virtual Desktop Business Technology Content Management Personal Business Owner Sync Millennials Cryptomining Emails Printers Point of Sale Smart Office Supply Chain Management Wireless Charging NarrowBand Monitoring Science Batteries Search Printer Server Digitize Workforce iPhone Netflix Two Factor Authentication Virtual Private Network Windows 8.1 Cables Windows Server 2008 R2 Root Cause Analysis Knowledge Distributed Denial of Service Music Customer Relationship Management Customer relationships HBO Analyitcs Nanotechnology IT Assessment Skype Telecommuting Manufacturing Files Project Management Email Best Practices Programming Cortana Data loss Chromecast Security Cameras Leadership Troubleshooting Computer Tips Digital Signature Managed IT Service Outlook OneDrive Start Menu Biometric Security Colocation Uninterrupted Power Supply Warranty Virtual CIO Antivirus HVAC Peripheral Google Apps Screen Mirroring Loyalty Monitor Books Digital Security Cameras Windows 8 Analysis Using Data Frequently Asked Questions Devices Copiers Mobile 5G Windows 10s IT service Administrator Enterprise Content Management Quick Tip Cast Tip of the week Smartwatch Reputation webinar Streaming Media Emergency Consultant MSP Ergonomics Tablet Accountants Analytics Thought Leadership Development Content Professional Services Credit Cards OLED Public Cloud Tech Support Employer Employee Relationship Domains Microchip Laptop Assessment Password Management PCI DSS Password Manager Virtual Machine Techology Windows Server 2008 Multi-Factor Security Employee Customers IaaS Maintenance Best Available 2FA Fiber Optics Search Engine Bloatware Twitter Messaging Audiobook Tools Cabling WIndows 7 Touchpad Television NIST Policy Business Mangement Hypervisor Smart Tech Trend Micro Trending Dark mode Tablets Entrepreneur Addiction SMS Politics Amazon Default App Advertising Public Computer Procedure Recycling Saving Time Practices Shopping Regulations Google Search Notifications Transportation Shortcut Wiring dark theme Cost Management PowerPoint Cache AI Windows Media Player Amazon Web Services IT Infrastructure Computer Fan Rootkit User Bing Social Networking Safe Mode FinTech Criminal Hosted Computing Social Network Relocation Workers Benefits GDPR Wireless Internet Online Shopping Investment FENG Managing Stress IBM Running Cable File Sharing Employees Employee/Employer Relationships Video Games Inventory Worker Commute Flash Specifications ISP Smart Technology Camera Windows 365 Memory Cameras Wire Video Conferencing Experience Evernote ROI Travel Shortcuts Supercomputer Sales Bitcoin Scalability Software Tips

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code