As you probably have already heard there is a ton of talk about being PCI DSS compliant and for good reason, identity theft is more common than hay fever. The Payment Card Industry, better known as MasterCard and VISA require banks, member service providers and merchants to protect cardholder information by adhering to a set of security standards. The Payment Card Industry security standard (PCI) includes MasterCard’s Site Data Protection (SDP) program and Visa’s Cardholder Information Security Program (CISP).

It is now required that every business be PCI compliant. To do so means following a regimented set of guidelines.

Such as:

1.  Determining what level of compliance is required for your business.

1. Level 1: Greater than 6 million credit card transactions per year or ANY business that has succumbed to a data breach or any business deemed Level 1 by card associations.
2. Level 2:  Any merchant processes more than 1 million transactions regardless of channel.
3. Level 3:  Any merchant who processes more than 20,000 on line transactions per year.
4. Level 4: Less than 20,000 e commerce transactions or 1 million total transactions per year.

2. Fill out the self-assessment questionnaire. Call us to inquire.
3. Fix every area to which you answered “no” on the self assessment questionnaire.
4. Hire an approved scanning vendor to perform quarterly scans of all external networks.
5. Fix and maintain any failed area of the scan.
6. For all Level 1 merchants – Complete an annual on-site audit by a qualified security assessor.

Once all the steps are completed you are now PCI compliant. If you have any questions feel free to call us or refer to the PCI Security Standards website.