Direct Technology Group Blog

Direct Technology Group provides professional IT Support and Network Services for Businesses around South Florida. Computer Services, Tech Support, IT Solutions and more!

Everything You Need to Know About PCI Compliance

Nowadays, almost every business accepts payment cards. To protect people’s personal and financial information when they pay with credit, debit, and gift cards, the companies that stand to lose the most if those transactions are compromised (Visa, Mastercard, Discover, and American Express) have implemented an industry-wide security standard. It is called PCI DSS, short for Payment Card Industry Data Security Standard. Let’s take a brief look at this standard.

Understanding PCI Compliance

The card brands listed above, together with JCB, make up the PCI Security Standards Council (PCI SSC), which maintains the standard. Through the brands’ agreements with the acquiring banks that process card payments, any business that wants to accept payment cards has to adhere to it. That means any business. So from the largest multinational corporation to the smallest street vendor, if a company accepts payment by credit, debit, or affiliated gift cards, it needs to be PCI compliant.

What does that mean?

It means that any business that stores, processes, or transmits cardholder data has to maintain PCI compliance. The standard spells out twelve requirements; here are 10 actions those requirements boil down to for a business that needs to meet them:

  1. Change all vendor-supplied default passwords and settings on your systems
  2. Install and maintain the network security controls (firewalls, antivirus, etc.) that protect card data
  3. Encrypt transmission of cardholder data across open, public networks
  4. Restrict access to cardholder data to those with a business “need to know”
  5. Assign a unique user ID to each person with server or database access
  6. Restrict physical and digital access to card and cardholder data, and protect any cardholder data you store
  7. Track and monitor all access to network resources and cardholder data
  8. Test your security systems and processes regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices for accepting payment cards
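As an added example, not part of the original post, the following Python script implements the kind of check items 6 and 7 call for: it scans log lines for card numbers (PANs) that should never sit in clear text, validates each candidate with the Luhn check so that order numbers and session IDs are not flagged, and masks anything it finds to the first six and last four digits, the most PCI DSS permits to be displayed. The regular expression, the function names, and the sample log lines are constructed for this illustration; the card numbers in them are the publicly known test numbers, not real accounts.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
# Constructed for this example; tune the separator set to your own log formats.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log lines. The 16- and 15-digit numbers on lines 1-3 are the
# well-known Visa, Mastercard and American Express test card numbers; the long
# numbers on lines 1 and 4 are an order ID and a session ID that are NOT card numbers.
SAMPLE_LOG = [
    '2020-07-08T10:15:01Z checkout ok order=20200708123045 pan=4111111111111111 amount=19.99',
    '2020-07-08T10:15:09Z checkout fail card="5555 5555 5555 4444" reason=declined',
    '2020-07-08T10:16:22Z refund ref=378282246310005 amount=5.00',
    '2020-07-08T10:17:40Z login user=alice session=1234567890123456',
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask a PAN to first six and last four digits, the maximum PCI DSS allows on display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _digits_of(match_text: str) -> str:
    return re.sub(r"[ -]", "", match_text)


def find_pans(text: str):
    """Return (raw_match, digits) pairs for every Luhn-valid 13-19 digit candidate in text."""
    found = []
    for m in CANDIDATE_RE.finditer(text):
        digits = _digits_of(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append((m.group(0), digits))
    return found


def redact_line(line: str) -> str:
    """Replace every Luhn-valid PAN in a line with its masked form; leave other numbers alone."""
    def _sub(m):
        digits = _digits_of(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)
    return CANDIDATE_RE.sub(_sub, line)


def scan_log(lines):
    """Return (line_number, masked_pan) for each PAN found; the clear PAN is never returned."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for _raw, digits in find_pans(line):
            hits.append((n, mask_pan(digits)))
    return hits


if __name__ == "__main__":
    for n, masked in scan_log(SAMPLE_LOG):
        print(f"line {n}: clear-text PAN found, masked form {masked}")
    print("--- redacted copy of the log ---")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Run it against a real log directory (or a database export) and every hit is a place where cardholder data has leaked outside the systems you meant to keep in PCI scope; the redacted copy is what the log should have looked like in the first place. The Luhn check filters out most numeric noise, but it is not proof that a number is a card number, so treat hits as leads to investigate rather than confirmed findings.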

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don’t will likely be in breach of the standard and face penalties from their acquiring bank and the card brands, which are the parties that actually enforce it.

PCI and Business Size

The card brands tie the level of scrutiny a business receives to the volume of transactions it handles, since volume drives risk. That’s why each brand breaks merchants into four levels by annual transaction count (Visa’s thresholds are shown here; the other brands’ levels are similar). They are:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year (in any channel), plus any merchant the card brand designates as Level 1, for example after a data breach.
  • Merchant Level #2 - A business that processes between one million and six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes fewer than 20,000 e-commerce payment card transactions, and up to one million payment card transactions overall, per year.

Let’s take a look at the responsibilities businesses in each merchant level have to stay PCI compliant:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level 1 merchants need to:

  • Have a yearly on-site assessment performed by a Qualified Security Assessor (QSA), which produces a Report on Compliance (ROC)
  • Allow an Approved Scanning Vendor (ASV) to complete a quarterly external vulnerability scan
  • Complete an Attestation of Compliance (AOC) and submit it, with the ROC, to their acquiring bank

Merchant Level #2

As transaction volume decreases, the validation requirements become less stringent. Level 2 merchants need to:

  • Complete a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly external vulnerability scan
  • Complete an Attestation of Compliance (AOC) and submit it to their acquiring bank

Merchant Level #3

Many medium-sized businesses fall under this level and need to:

  • Complete a yearly SAQ
  • Allow an ASV to complete a quarterly external vulnerability scan
  • Complete an Attestation of Compliance (AOC) and submit it to their acquiring bank

Merchant Level #4

The majority of small businesses fall into Level 4 and, like Levels 2 and 3, need to:

  • Complete a yearly SAQ
  • Allow an ASV to complete a quarterly external vulnerability scan
  • Complete an Attestation of Compliance (AOC) and submit it to their acquiring bank

For Level 4 merchants the acquiring bank decides which of these it actually requires and how often, so check with your bank or payment processor for the exact validation schedule.

Data privacy is more important now than ever, and the payment card industry does a thorough job policing its own. Companies found not to be in compliance with PCI DSS requirements face financial penalties, higher levels of scrutiny, and even the revocation of card processing privileges.

If you would like to know more about PCI DSS compliance or any other regulation that concerns your information technology, call Direct Technology Group today at 954-739-4700. 
