Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

PCI Compliance 101

PCI Compliance 101

Does your business accept credit cards? Of course it does. Regardless of what industry you are in, your customers are now using payment cards for a large portion of their retail transactions both online and in-store. To protect consumers, there has been a compliance standard enacted by credit card companies. Today we will look at this standard.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

Taking a Look at PCI 

PCI DSS was established in 2006 by credit card companies as a way to regulate business use of personal payment card information. That means all businesses. If your business processes or stores payment card information as a means of accepting digital payment, you need to maintain your PCI compliance. PCI DSS demands that businesses satisfactorily take the following steps:

  1. Change passwords from system default
  2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to “need to know” basis
  5. Assign user ID to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

While many businesses already do these things in the normal course of doing business, if you currently don’t and you still allow for the use of payment cards, your business could have a problem on its hands. 

Business Size and Compliance 

Once you understand what you need to do to be PCI compliant, you then need to comply with the standards of your business’ merchant status. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a business with more transactions has a better chance to foul up a situation concerning payment card compliance, they are required to do more to prove compliance than smaller businesses do. Here are the expectations for businesses in each merchant level:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level twos include:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

  • Perform an SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council record

Businesses that are non-compliant will face fines, extra scrutiny, or risk having the privilege of accepting payment cards officially revoked. If you have questions about the particulars of PCI DSS compliance, call the knowledgeable professionals at Total Tech Care today at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 25 December 2024
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Business Google Microsoft Internet Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices Hardware IT Services Android VoIP Disaster Recovery communications Business Continuity Smartphones Communication IT Support Smartphone Miscellaneous Mobile Device Small Business Network Browser Productivity Collaboration Quick Tips Cybersecurity Users Business Management Windows Phishing Upgrade Managed IT Services Ransomware Outsourced IT Data Backup Windows 10 Data Recovery Office Cloud Computing Server Save Money Windows 10 Passwords Saving Money Holiday Gadgets Tech Term Social Media Chrome Virtualization Managed IT Services Managed Service Automation Microsoft Office Computers Artificial Intelligence Facebook Operating System Cybercrime BYOD Internet of Things Mobile Device Management Networking IT Support Wi-Fi Hacking Health Spam Covid-19 Information Office 365 Alert Telephone Systems Managed Service Provider Information Technology Remote Router BDR Bandwidth Social Engineering Mobility Recovery Employer-Employee Relationship Mobile Computing Law Enforcement Remote Monitoring Application App History Password Big Data Money Encryption Data Breach Applications Human Resources Remote Computing Government Blockchain Mobile Office Paperless Office How To Private Cloud Managed IT Office Tips Training Data Storage Patch Management Apps VPN WiFi IT solutions Mouse Entertainment HaaS Avoiding Downtime Website Data Security Budget Infrastructure Bring Your Own Device Voice over Internet Protocol Wireless Data Management Work/Life Balance Vulnerability Windows 7 Gmail Word Settings Flexibility Servers Google Drive Marketing Two-factor Authentication Apple Keyboard Social Vendor User Error USB Managed Services Staff Software as a Service Display Telephone System Meetings Machine Learning Connectivity Remote Work Save Time Employee/Employer Relationship Risk Management Hacker RMM Cleaning The Internet of Things Conferencing Lithium-ion battery Scam End of Support Data Protection Education Physical Security Firewall Safety Vendor Management Sports HIPAA Virtual Reality Redundancy Charger Proactive IT Content Management Business Technology Printer Access Control Compliance Network Congestion eWaste Bluetooth OneNote Best Practice Computer Care Managed Services Provider YouTube Current Events Virtual Assistant Telephony Black Market Authentication Database Samsung Remote Workers Wearable Technology Document Management IT Consultant Value Processor Wireless Technology Update Retail Solid State Drive Hard Drives How to Instant Messaging Downtime Spam Blocking Electronic Medical Records Robot Humor Excel Hard Drive Google Docs Biometrics Data storage Hiring/Firing Identity Theft Automobile Virtual Desktop Computing DDoS Computing Infrastructure Augmented Reality Going Green SharePoint Fraud Business Intelligence Remote Worker Digital Signage Battery Audit Worker Customer Service IT Management Cryptocurrency Shadow IT Environment Virus Legal Botnet Procurement Fax Server IT Plan Internet Exlporer Unified Threat Management Workplace Strategy Computer Accessories Comparison Net Neutrality CES Help Desk SaaS PDF Unsupported Software Printing Relocation Wire Video Conferencing Evernote ROI Supercomputer Bitcoin Travel Shortcuts IaaS Maintenance Software Tips Sales Video Games Sync Printers Point of Sale Bloatware Emails Personal Millennials Cryptomining Worker Commute Smart Office Supply Chain Management Wireless Charging Batteries Experience Monitoring Tablets Scalability Virtual Private Network Windows 8.1 Entrepreneur Printer Server Netflix Digitize Two Factor Authentication Workforce Business Owner Root Cause Analysis Cables Windows Server 2008 R2 NarrowBand Knowledge Music Shortcut HBO Customer relationships Search Skype Project Management Email Best Practices Cost Management Nanotechnology IT Assessment Telecommuting Manufacturing Social Networking iPhone Data loss Cortana Leadership Digital Signature Managed IT Service Troubleshooting Security Cameras Outlook Computer Tips Start Menu Warranty Virtual CIO OneDrive Biometric Security Running Cable Files Screen Mirroring HVAC Peripheral Loyalty Google Apps Chromecast Analysis Using Data Books Frequently Asked Questions Digital Security Cameras Memory Mobile Administrator Windows 10s Devices Copiers 5G Colocation Cast Enterprise Content Management Quick Tip Uninterrupted Power Supply webinar Accountants Emergency Smartwatch Consultant Tip of the week MSP Ergonomics Professional Services Microchip Monitor Analytics Public Cloud Thought Leadership Development Employer Employee Relationship Credit Cards OLED Password Management PCI DSS Science Assessment Password Manager Virtual Machine Windows Server 2008 2FA Fiber Optics Multi-Factor Security Employee Best Available WIndows 7 Tools Search Engine Reputation Twitter Messaging Streaming Media Cabling Television Business Mangement Hypervisor Distributed Denial of Service Content Customer Relationship Management NIST Policy Tech Support Dark mode Analyitcs Laptop Smart Tech Trend Micro Trending Techology Programming Customers Addiction SMS Amazon Default App Public Computer Recycling Saving Time Audiobook Procedure Regulations Wiring dark theme Touchpad Practices Shopping Transportation Google Search Antivirus User PowerPoint Computer Fan Cache AI Windows Media Player Rootkit Amazon Web Services IT Infrastructure Criminal Bing Politics Advertising Safe Mode FinTech Windows 8 GDPR Workers Hosted Computing Social Network Benefits IT service Managing Stress FENG Wireless Internet Notifications Online Shopping Investment IBM Employee/Employer Relationships File Sharing Employees Tablet Flash Camera Windows 365 Cameras Inventory Smart Technology Specifications ISP Domains

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code