Alchetec Blog

PCI Compliance and Your Business

The days of the cash-only business are over. It doesn’t matter if your business is a multinational corporation or you cut grass for a living: accepting payment cards is not only convenient for your customers, but most of the time it’s also the most secure way to get paid. In an effort to protect the personal and financial information of consumers who have come to depend on their payment cards, the banks that back the credit card industry have developed a regulation that businesses that process cards need to adhere to. Today, we will go over this regulation and how it affects small and medium-sized businesses.

Unpacking PCI 

What is known as PCI Compliance is actually the Payment Card Index Digital Security Standard (PCI DSS). It was established in 2006 as an industry-wide standard, sponsored by what is now known as the PCI Security Standards Council, made up of some pretty familiar names: Visa, Mastercard, American Express, and Discover. The council was established to regulate the credit card industry and manage the standards to which businesses would be held in order to improve consumer privacy.

The first thing you should know is that PCI standards apply to all businesses that accept payment cards. If your business stores card information or processes payments digitally, you have to maintain PCI compliance. Here are 10 actions every business that accepts payment cards needs to take:

  1. Change passwords from system default
  2. Install sufficient network security tools (antivirus, firewalls, etc.) to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to a “need to know” basis
  5. Assign a user ID to every user with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

Again, every single business that accepts the use of payment cards needs to be sure to accomplish these 10 things. Many businesses already do these things in the normal course of doing business, but if you don’t, and you accept payment cards, you are not in compliance and face severe rebuke. 

PCI and Business Size

Once you understand the global actions your business needs to take to stay in compliance, you then need to understand what level of merchant you are. According to the PCI Security Standards Council, there are four levels of businesses that process credit cards. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million and six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes fewer than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a breach at level 1 will likely affect more consumers, the PCI regulatory body, which doesn’t have the means to constantly check every business, spends more time regulating larger organizations than it does smaller businesses. That’s not to say that small businesses can’t face hefty fines and consumer attrition if they are non-compliant. Each level has its own specific mandate. Let’s go through them now.

Merchant Level #1
Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2
As transaction volumes decrease, the standards become less stringent. Level two merchants need to:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3
Many medium-sized businesses will fall under this level and need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4
The majority of small businesses fall into level #4 status and, like levels two and three, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Businesses found to be in noncompliance will often be subject to review and are often fined, given extra scrutiny, or have their privilege to accept payment cards revoked. Don’t allow this to happen to your business. If you have any questions about PCI DSS standards, or how to keep your business in compliance, call the IT professionals at Alchetec today at 312-253-4321.
