07 Jul Understanding PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a common set of industry standards created to align the separate card brand security programs into one and to educate businesses on the steps necessary to ensure the safe handling of sensitive information, including cardholder data.
Regardless of the size of your business, complying with the PCI DSS is essential for any merchant that accepts credit cards as a form of payment. The requirements for validating PCI compliance are dependent upon the merchant level that a company falls under. Merchants are divided into four different merchant levels based on the number of transactions they process annually and the environment in which they operate.
It is important to maintain compliance because it demonstrates to customers, vendors and suppliers your dedication to cardholder privacy. Businesses are required to validate compliance on an annual basis, but the measures taken to become compliant should be treated as business as usual and maintained throughout the year to be truly effective in mitigating the ever-changing threats to all types of cardholder data environments. The PCI Security Standards Council does not enforce merchant validation; it created the standard but relies on the processor to work with its merchants to comply. The individual payment brands, however, do impose financial and operational consequences on certain businesses that are not compliant. Although validating compliance does not guarantee that a business will not suffer a data compromise, which in most cases damages the brand as well as the finances, it greatly reduces the chances of this happening.
We have a fully staffed Compliance Team ready to answer any questions you may have pertaining to PCI DSS validation. In addition to the support we offer, we have partnered with an online validation program to offer merchants access to a streamlined online Self-Assessment Questionnaire (SAQ), as well as quarterly vulnerability scanning performed by an Approved Scanning Vendor (ASV) and penetration testing tools. Merchants may use our sponsored program, or we can assist with confirming alternate validation options, such as submitting validation documents completed through another validation program vendor, or direct merchants to the PCI SSC website, where the paper SAQs are available for download and completion, along with the list of ASVs.
Additional links and resources: