Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

PCI Compliance 101

PCI Compliance 101

Does your business accept credit cards? Of course it does. Regardless of what industry you are in, your customers are now using payment cards for a large portion of their retail transactions both online and in-store. To protect consumers, there has been a compliance standard enacted by credit card companies. Today we will look at this standard.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

Taking a Look at PCI 

PCI DSS was established in 2006 by credit card companies as a way to regulate business use of personal payment card information. That means all businesses. If your business processes or stores payment card information as a means of accepting digital payment, you need to maintain your PCI compliance. PCI DSS demands that businesses satisfactorily take the following steps:

  1. Change passwords from system default
  2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to “need to know” basis
  5. Assign user ID to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

While many businesses already do these things in the normal course of doing business, if you currently don’t and you still allow for the use of payment cards, your business could have a problem on its hands. 

Business Size and Compliance 

Once you understand what you need to do to be PCI compliant, you then need to comply with the standards of your business’ merchant status. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a business with more transactions has a better chance to foul up a situation concerning payment card compliance, they are required to do more to prove compliance than smaller businesses do. Here are the expectations for businesses in each merchant level:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level twos include:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

  • Perform an SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council record

Businesses that are non-compliant will face fines, extra scrutiny, or risk having the privilege of accepting payment cards officially revoked. If you have questions about the particulars of PCI DSS compliance, call the knowledgeable professionals at Total Tech Care today at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 02 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Business Google Microsoft Internet Email Malware Backup Workplace Tips Innovation Data User Tips Computer Mobile Devices Hardware IT Services Disaster Recovery Android VoIP communications Business Continuity Smartphones IT Support Communication Smartphone Miscellaneous Mobile Device Small Business Network Browser Productivity Collaboration Cybersecurity Quick Tips Users Business Management Managed IT Services Upgrade Windows Phishing Ransomware Data Backup Outsourced IT Windows 10 Cloud Computing Office Server Save Money Data Recovery Windows 10 Passwords Saving Money Tech Term Holiday Gadgets Social Media Chrome Virtualization Managed Service Managed IT Services Automation Microsoft Office Facebook Artificial Intelligence Operating System Cybercrime Computers BYOD Mobile Device Management Internet of Things Networking IT Support Wi-Fi Hacking Health Spam Remote Office 365 Telephone Systems Alert Information Technology Covid-19 Managed Service Provider Information Router BDR Bandwidth Social Engineering Employer-Employee Relationship Recovery Mobility Remote Monitoring Application Law Enforcement App History Data Breach Big Data Password Money Human Resources Encryption Applications Mobile Computing Government Data Storage Patch Management Private Cloud Office Tips Training Managed IT VPN Apps Blockchain How To Remote Computing Paperless Office Mobile Office IT solutions Entertainment Website Infrastructure Budget Avoiding Downtime Voice over Internet Protocol Vulnerability Windows 7 Word Wireless Servers Gmail Bring Your Own Device Data Management Work/Life Balance Settings Data Security Two-factor Authentication Flexibility Marketing Mouse Google Drive WiFi HaaS User Error Keyboard Meetings USB Conferencing Risk Management Scam Hacker Vendor Save Time Managed Services Display The Internet of Things Data Protection Lithium-ion battery Vendor Management Cleaning Employee/Employer Relationship Firewall RMM End of Support Virtual Reality Education Physical Security Apple Telephone System Staff Software as a Service Safety Social Machine Learning HIPAA Sports Redundancy Connectivity Remote Work Printer Hiring/Firing Bluetooth Google Docs Proactive IT Procurement Net Neutrality Identity Theft Workplace Strategy Best Practice Wearable Technology Retail Help Desk Hard Drives YouTube Black Market Printing Instant Messaging Excel Robot Augmented Reality IT Consultant Business Intelligence Biometrics Fraud Document Management Audit Managed Services Provider Virtual Desktop Worker Remote Worker Humor Solid State Drive Wireless Technology IT Management Downtime Database How to Cryptocurrency Botnet DDoS IT Plan Remote Workers Data storage SharePoint Automobile Processor Unsupported Software Comparison Customer Service Charger CES Computing Infrastructure Hard Drive Environment Going Green Compliance Fax Server Computer Care Business Technology Content Management OneNote Computing Current Events Access Control Battery Virus Telephony Samsung Virtual Assistant Shadow IT SaaS Authentication Legal Unified Threat Management Computer Accessories Value Internet Exlporer Network Congestion Digital Signage eWaste Spam Blocking Electronic Medical Records PDF Update Google Apps Relocation Mobile AI Windows 10s IT Infrastructure HVAC Shortcut Bing Analysis FinTech Cast Tip of the week Social Network webinar Administrator Cost Management Emergency Devices Video Games Worker Commute Printer Server Professional Services Public Cloud Investment Social Networking Employer Employee Relationship Enterprise Content Management Assessment MSP Experience Accountants Employees Employee/Employer Relationships Windows 365 Windows Server 2008 Microchip ISP Thought Leadership Scalability Credit Cards Business Owner Password Manager Tools Video Conferencing Running Cable ROI Password Management Bitcoin Television Shortcuts Memory Multi-Factor Security Sales NarrowBand Point of Sale Personal Search Engine Cryptomining Twitter Search NIST Business Mangement iPhone Supply Chain Management Batteries Public Computer Smart Tech Trending Monitoring Amazon Windows 8.1 Regulations Digitize Transportation Addiction Science Recycling Files Computer Fan Windows Server 2008 R2 Rootkit Wiring Practices Customer relationships Chromecast Amazon Web Services Email Best Practices IT Assessment Workers Manufacturing Benefits Cache Consultant Safe Mode Criminal Analytics Colocation Uninterrupted Power Supply Distributed Denial of Service FENG Customer Relationship Management Managed IT Service IBM GDPR Security Cameras Analyitcs Hosted Computing Computer Tips Online Shopping Virtual CIO Monitor Flash OneDrive Biometric Security Programming Smart Technology Wireless Internet Best Available File Sharing WIndows 7 Peripheral Software Tips Using Data Supercomputer Camera Inventory Specifications Digital Security Cameras Evernote Reputation Sync Copiers Streaming Media Antivirus Emails 5G Wire Content Windows 8 Travel Quick Tip Tech Support IT service Printers Smartwatch Techology Millennials Ergonomics Laptop Wireless Charging Customers Development Netflix OLED Two Factor Authentication Smart Office User Audiobook Tablet PowerPoint Windows Media Player PCI DSS Root Cause Analysis Virtual Machine Touchpad HBO Fiber Optics Domains Knowledge Virtual Private Network Employee Music Workforce 2FA Cables Skype Messaging Cabling Maintenance Managing Stress Politics Advertising Policy IaaS Data loss Hypervisor Outlook Trend Micro Leadership Project Management Bloatware Troubleshooting Nanotechnology Telecommuting Dark mode Cortana Cameras Start Menu SMS Notifications Default App Loyalty Tablets Digital Signature Procedure Screen Mirroring Saving Time Frequently Asked Questions Shopping Warranty Google Search Entrepreneur Books dark theme

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code