Compliance Information
Basics of Payment Card Industry (PCI) Compliance
What is the Payment Card Industry Data Security Standard (PCI DSS)?
The PCI DSS is a set of comprehensive requirements intended to ensure the safe handling of cardholder data throughout the payments chain. It was developed by the PCI Security Standards Council (PCI SSC), a consortium composed of the five major payment brands: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International.
Who needs to comply with the PCI DSS?
ALL organizations, regardless of size or number of transactions, that process, store or transmit cardholder data must comply with the PCI DSS. In practice, this means every merchant with a Merchant Identification number (MID) and every service provider that touches cardholder data is required to comply with the PCI DSS.
How do merchants satisfy the PCI requirements?
To satisfy the requirements of PCI, a merchant must complete the following steps:
- Identify your Validation Type as defined by PCI DSS. This is used to determine which Self-Assessment Questionnaire (SAQ) is appropriate for your business.
- Complete the applicable SAQ.
- Complete, and obtain evidence of, a passing vulnerability scan by a PCI SSC Approved Scanning Vendor (ASV) on a quarterly basis. Note: ASV scanning only applies to merchants with Internet-facing IP addresses.
- Complete the Attestation of Compliance.
- Submit the SAQ/Attestation of Compliance and evidence of a passing scan (if applicable) to your acquirer.
When do I need to be PCI compliant?
While the card brands require all merchants that store, process or transmit cardholder data to be compliant today, the deadlines by which Level 4 merchants must validate their PCI compliance are set by their acquiring banks.
Why do I need to be PCI compliant?
Merchants who do not achieve compliance may be subject to non-compliance penalties, and to large fines in the event of an actual data breach. Merchants may also be held responsible for the cost of a forensic audit and for additional fines and fees from the card brands. These fees can reach up to $100,000 and can easily put a merchant out of business. Becoming PCI compliant helps reduce the risk of a data breach and is a best practice for anyone processing payment card transactions.
Where can I access the tools I need to become PCI compliant?
It is important that you work toward PCI compliance with a reputable PCI compliance solution provider that is also an Approved Scanning Vendor (ASV) recognized by the PCI SSC. PCI compliance solution providers, like ControlScan, provide a detailed, personal level of support to merchants who need assistance in working through the SAQ, launching and remediating vulnerability scans, and submitting the Attestation of Compliance to their acquirers. PCI experts, like ControlScan, take the guesswork out of achieving compliance by answering the questions that arise as merchants work toward compliance and build a stronger overall security posture for their companies. Additionally, most merchants will need to implement certain requirements, such as security awareness training for their employees and written security policies for their businesses, in order to become compliant. The PCI compliance program your acquirer has developed with ControlScan provides you with the tools and expertise to become PCI compliant quickly and easily.

