Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

PCI Compliance 101

Total Tech Care Blog Security
0 Comments
PCI Compliance 101

Does your business accept credit cards? Of course it does. Regardless of what industry you are in, your customers are now using payment cards for a large portion of their retail transactions both online and in-store. To protect consumers, there has been a compliance standard enacted by credit card companies. Today we will look at this standard.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

Taking a Look at PCI 

PCI DSS was established in 2006 by credit card companies as a way to regulate business use of personal payment card information. That means all businesses. If your business processes or stores payment card information as a means of accepting digital payment, you need to maintain your PCI compliance. PCI DSS demands that businesses satisfactorily take the following steps:

  1. Change passwords from system default
  2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to “need to know” basis
  5. Assign user ID to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

While many businesses already do these things in the normal course of doing business, if you currently don’t and you still allow for the use of payment cards, your business could have a problem on its hands. 

Business Size and Compliance 

Once you understand what you need to do to be PCI compliant, you then need to comply with the standards of your business’ merchant status. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a business with more transactions has a better chance to foul up a situation concerning payment card compliance, they are required to do more to prove compliance than smaller businesses do. Here are the expectations for businesses in each merchant level:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level twos include:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

  • Perform an SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council record

Businesses that are non-compliant will face fines, extra scrutiny, or risk having the privilege of accepting payment cards officially revoked. If you have questions about the particulars of PCI DSS compliance, call the knowledgeable professionals at Total Tech Care today at 866-348-2602.

Tweet
Tags:
Compliance Regulations PCI DSS
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 24 January 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Software Efficiency Network Security Google Business Internet Microsoft Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices Hardware IT Services Android VoIP Disaster Recovery communications Communication IT Support Business Continuity Smartphones Miscellaneous Smartphone Mobile Device Browser Small Business Network Collaboration Productivity Cybersecurity Quick Tips Users Business Management Managed IT Services Windows Upgrade Phishing Ransomware Data Backup Outsourced IT Windows 10 Cloud Computing Data Recovery Office Server Save Money Windows 10 Passwords Chrome Virtualization Social Media Gadgets Tech Term Saving Money Holiday Microsoft Office Automation Managed IT Services Managed Service Facebook Computers Cybercrime Artificial Intelligence Operating System Hacking Internet of Things Health BYOD Wi-Fi Mobile Device Management Networking IT Support Telephone Systems Covid-19 Information Technology Information Alert Remote Spam Managed Service Provider Office 365 Mobility Router BDR Recovery Employer-Employee Relationship Bandwidth Social Engineering App History Law Enforcement Mobile Computing Data Breach Human Resources Application Password Money Remote Monitoring Encryption Applications Big Data Office Tips Blockchain Government Paperless Office Training Data Storage Patch Management Private Cloud VPN Managed IT Remote Computing Apps Mobile Office How To Wireless Avoiding Downtime Vulnerability Flexibility Gmail Windows 7 Marketing Word WiFi Settings IT solutions Entertainment Infrastructure Servers Voice over Internet Protocol Website Budget Bring Your Own Device Two-factor Authentication Data Management Work/Life Balance Mouse HaaS Data Security Google Drive Risk Management Managed Services Display Keyboard Hacker The Internet of Things Software as a Service Conferencing Telephone System Staff Lithium-ion battery Machine Learning Employee/Employer Relationship Scam RMM Connectivity Remote Work Save Time Firewall Vendor Management USB Virtual Reality Cleaning Apple Social Data Protection End of Support User Error Meetings Education Physical Security Safety Sports Vendor HIPAA Redundancy Access Control Biometrics Hiring/Firing Remote Workers Proactive IT Virtual Desktop Virtual Assistant Processor Best Practice Authentication Virus YouTube DDoS Black Market Unified Threat Management Computer Accessories Hard Drive SharePoint Business Intelligence Update Audit Document Management Worker Solid State Drive Computing Wireless Technology Customer Service IT Management Environment Google Docs How to Downtime Printer Botnet Identity Theft Bluetooth Fax Server IT Plan Data storage Automobile SaaS Digital Signage Unsupported Software Augmented Reality Fraud Charger Computing Infrastructure IT Consultant Going Green Network Congestion Compliance Remote Worker Procurement eWaste OneNote Computer Care Current Events Workplace Strategy Humor Cryptocurrency Net Neutrality Telephony Battery Shadow IT Help Desk Samsung Legal Printing Comparison Value Internet Exlporer Wearable Technology Hard Drives Retail CES Managed Services Provider Instant Messaging Spam Blocking Electronic Medical Records PDF Robot Excel Business Technology Database Content Management Windows Server 2008 R2 Mobile Millennials Windows 10s Relocation Printers Customer relationships Smart Office Wireless Charging Cast Tip of the week webinar Email Best Practices Video Games Emergency IT Assessment Manufacturing Professional Services Workforce Public Cloud Worker Commute Employer Employee Relationship Virtual Private Network User Assessment Computer Tips PowerPoint Managed IT Service Windows Media Player Security Cameras Cables Experience Science Windows Server 2008 Virtual CIO Scalability OneDrive Biometric Security Project Management Nanotechnology Tools Telecommuting Business Owner Peripheral Managing Stress Television Digital Security Cameras Using Data NarrowBand Distributed Denial of Service Customer Relationship Management Cortana Digital Signature Analyitcs Search Copiers 5G Warranty Cameras Programming Quick Tip iPhone Public Computer Ergonomics HVAC Smartwatch Google Apps Analysis Regulations Transportation Development OLED Administrator Virtual Machine Antivirus Devices Computer Fan Rootkit PCI DSS Files Windows 8 2FA Fiber Optics Chromecast Enterprise Content Management Employee IT service Accountants Workers Benefits Messaging MSP Cabling Microchip Printer Server Hypervisor Uninterrupted Power Supply Thought Leadership Credit Cards FENG Policy Colocation Tablet IBM Dark mode Trend Micro Password Management Password Manager Domains Flash Multi-Factor Security Smart Technology SMS Monitor Default App Search Engine Saving Time Twitter Procedure Supercomputer dark theme Shopping IaaS NIST Google Search Maintenance Business Mangement Software Tips Smart Tech Sync Bloatware Trending Emails AI Reputation IT Infrastructure Streaming Media FinTech Tech Support Addiction Bing Amazon Content Tablets Techology Social Network Laptop Recycling Investment Practices Entrepreneur Netflix Two Factor Authentication Customers Wiring Employees Employee/Employer Relationships Cache Amazon Web Services Root Cause Analysis Audiobook HBO Knowledge Windows 365 Music Touchpad Safe Mode ISP Shortcut Criminal ROI Hosted Computing Skype Cost Management Consultant Video Conferencing GDPR Sales Advertising Analytics Bitcoin Wireless Internet Shortcuts Social Networking Online Shopping Data loss Politics Outlook Leadership Point of Sale Troubleshooting Personal File Sharing Cryptomining Notifications Inventory Start Menu Specifications Best Available Supply Chain Management Camera Loyalty Monitoring Batteries Running Cable Wire Evernote Screen Mirroring WIndows 7 Frequently Asked Questions Memory Travel Windows 8.1 Books Digitize

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code