Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

PCI Compliance 101

Total Tech Care Blog Security
0 Comments
PCI Compliance 101

Does your business accept credit cards? Of course it does. Regardless of what industry you are in, your customers are now using payment cards for a large portion of their retail transactions both online and in-store. To protect consumers, there has been a compliance standard enacted by credit card companies. Today we will look at this standard.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

Taking a Look at PCI 

PCI DSS was established in 2006 by credit card companies as a way to regulate business use of personal payment card information. That means all businesses. If your business processes or stores payment card information as a means of accepting digital payment, you need to maintain your PCI compliance. PCI DSS demands that businesses satisfactorily take the following steps:

  1. Change passwords from system default
  2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to “need to know” basis
  5. Assign user ID to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

While many businesses already do these things in the normal course of doing business, if you currently don’t and you still allow for the use of payment cards, your business could have a problem on its hands. 

Business Size and Compliance 

Once you understand what you need to do to be PCI compliant, you then need to comply with the standards of your business’ merchant status. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a business with more transactions has a better chance to foul up a situation concerning payment card compliance, they are required to do more to prove compliance than smaller businesses do. Here are the expectations for businesses in each merchant level:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level twos include:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

  • Perform an SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council record

Businesses that are non-compliant will face fines, extra scrutiny, or risk having the privilege of accepting payment cards officially revoked. If you have questions about the particulars of PCI DSS compliance, call the knowledgeable professionals at Total Tech Care today at 866-348-2602.

Tweet
Tags:
Compliance Regulations PCI DSS
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 23 November 2024
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Software Efficiency Network Security Business Google Internet Microsoft Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices IT Services Hardware Android VoIP Disaster Recovery communications IT Support Smartphones Business Continuity Communication Miscellaneous Smartphone Mobile Device Browser Small Business Network Productivity Collaboration Quick Tips Cybersecurity Users Business Management Managed IT Services Windows Phishing Upgrade Outsourced IT Ransomware Data Backup Windows 10 Save Money Data Recovery Office Cloud Computing Server Windows 10 Passwords Chrome Virtualization Gadgets Saving Money Holiday Social Media Tech Term Microsoft Office Managed IT Services Managed Service Automation Cybercrime Operating System Computers Artificial Intelligence Facebook Health Hacking Internet of Things BYOD Mobile Device Management Wi-Fi Networking IT Support Managed Service Provider Remote Spam Office 365 Alert Covid-19 Telephone Systems Information Information Technology Social Engineering Mobility Router BDR Bandwidth Employer-Employee Relationship Recovery Encryption Human Resources Big Data Applications Data Breach Remote Monitoring Law Enforcement Mobile Computing App Application History Password Money Remote Computing Government Mobile Office Blockchain Private Cloud Paperless Office How To Office Tips Managed IT Training Apps VPN Data Storage Patch Management Windows 7 Word Two-factor Authentication Google Drive Servers Mouse HaaS Avoiding Downtime Flexibility Marketing WiFi Data Security IT solutions Entertainment Website Budget Wireless Bring Your Own Device Data Management Work/Life Balance Infrastructure Gmail Voice over Internet Protocol Settings Vulnerability Education Scam Physical Security Safety Data Protection Virtual Reality HIPAA Sports Apple Redundancy Social Keyboard Vendor Management User Error Meetings Vendor Managed Services Telephone System Staff Software as a Service Display Save Time Risk Management Hacker Machine Learning USB Connectivity Remote Work Employee/Employer Relationship The Internet of Things Lithium-ion battery Cleaning RMM Conferencing End of Support Firewall Remote Worker Digital Signage Audit Worker Internet Exlporer SaaS IT Management Cryptocurrency PDF Botnet Procurement IT Plan Workplace Strategy Network Congestion Comparison Net Neutrality Virus Proactive IT eWaste CES Unsupported Software Help Desk Printing Best Practice Unified Threat Management Computer Accessories Charger YouTube Black Market Content Management Business Technology Compliance Access Control OneNote Computer Care Wearable Technology Managed Services Provider Retail Hard Drives Current Events Virtual Assistant Document Management Authentication Telephony Database Instant Messaging Robot Printer Excel Samsung Solid State Drive Wireless Technology Downtime Remote Workers Bluetooth How to Biometrics Processor Virtual Desktop Value Data storage Update Spam Blocking Automobile Electronic Medical Records Hard Drive DDoS IT Consultant Google Docs Hiring/Firing Computing Infrastructure SharePoint Identity Theft Going Green Computing Humor Customer Service Augmented Reality Environment Battery Shadow IT Fraud Fax Server Business Intelligence Legal Dark mode Smart Tech Trend Micro IT service Trending Politics Advertising Addiction SMS Amazon Default App Best Available Recycling Saving Time WIndows 7 Tablet Public Computer Procedure Transportation Wiring dark theme Practices Shopping Notifications Domains Regulations Google Search Computer Fan Rootkit Cache AI Amazon Web Services IT Infrastructure IaaS Criminal Maintenance Bing Safe Mode FinTech Benefits GDPR Relocation Hosted Computing Social Network Bloatware Workers FENG Wireless Internet Online Shopping Investment Employee/Employer Relationships User PowerPoint Tablets IBM Windows Media Player Video Games File Sharing Employees Worker Commute Smart Technology Camera Windows 365 Inventory Flash Specifications ISP Entrepreneur Experience Wire Video Conferencing Evernote ROI Bitcoin Managing Stress Shortcut Software Tips Travel Shortcuts Supercomputer Scalability Sales Business Owner Printers Point of Sale Personal Sync Millennials Cryptomining Cost Management Emails Social Networking Cameras Smart Office Supply Chain Management NarrowBand Wireless Charging Batteries Search Monitoring Two Factor Authentication Virtual Private Network Windows 8.1 iPhone Digitize Workforce Netflix Root Cause Analysis Running Cable Cables Windows Server 2008 R2 Customer relationships HBO Memory Knowledge Music Project Management Email Best Practices Files Nanotechnology IT Assessment Skype Telecommuting Manufacturing Cortana Data loss Printer Server Chromecast Computer Tips Digital Signature Managed IT Service Outlook Security Cameras Leadership Troubleshooting Warranty Virtual CIO Colocation OneDrive Uninterrupted Power Supply Start Menu Biometric Security Google Apps Screen Mirroring Science Loyalty HVAC Peripheral Books Digital Security Cameras Monitor Analysis Using Data Frequently Asked Questions Windows 10s Administrator Devices Copiers Mobile 5G Customer Relationship Management Cast Enterprise Content Management Quick Tip Distributed Denial of Service Emergency MSP Ergonomics Reputation Accountants Streaming Media Tip of the week Smartwatch Analyitcs webinar Public Cloud Content Employer Employee Relationship Microchip Thought Leadership Development Tech Support Professional Services Credit Cards OLED Programming Password Manager Virtual Machine Assessment Techology Password Management PCI DSS Laptop 2FA Customers Fiber Optics Windows Server 2008 Multi-Factor Security Employee Audiobook Search Engine Twitter Messaging Antivirus Tools Cabling Consultant Business Mangement Hypervisor Analytics Windows 8 Television NIST Policy Touchpad

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code