OMNI Solutions Group Blog

OMNI Solutions Group has been serving the Washington D.C. metropolitan area since 1994, providing IT Support such as technical help-desk support, computer support, and consulting to small and medium-sized businesses.

Let’s Help You Understand PCI Compliance

Nowadays, every business accepts payment cards. To protect people’s personal and financial information when they pay with credit, debit, and gift cards, the companies that stand to lose the most if those transactions are compromised (Visa, Mastercard, Discover, and American Express) have implemented an industry-wide compliance regulation. This regulation is called PCI DSS, short for Payment Card Industry Data Security Standard. Let’s take a brief look at it.

Understanding PCI Compliance

The card brands listed above make up what is called the PCI Security Standards Council. They have created a mandate that any business that wants to accept payment cards needs to adhere to. That means every business: from the largest multinational corporation to the smallest street vendor, if a company needs to accept payment by credit, debit, or affiliated gift card, it needs to be PCI compliant.

This means that any business that stores cardholder information or processes payments using payment cards has to maintain PCI compliance. Here are 10 actions those businesses need to take to meet the compliance requirements:

  1. Change passwords from system default
  2. Install and maintain sufficient network security tools (antivirus, firewalls, etc.) to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to “need to know” basis
  5. Assign user IDs to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices of accepting payment cards

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don’t will likely be in breach of the regulation and therefore face the ire of PCI regulators.

PCI and Business Size

According to PCI regulators, the size of your business is in direct proportion to the amount of risk you take on. That’s why the PCI Security Standards Council’s mandates break businesses into four merchant levels. They are:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million and six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes fewer than 20,000 e-commerce payment card transactions, and fewer than one million payment card transactions overall, per year.

Let’s take a look at the responsibilities businesses in each merchant level have to stay PCI compliant:

Merchant Level #1
Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level 1 merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Scanning Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2
As transaction volume decreases, the standards become less stringent. Level 2 merchants need to:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3
Many medium-sized businesses will fall under this level and need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4
The majority of small businesses fall into Level 4 status and, like Levels 2 and 3, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Data privacy is more important now than ever, and the payment card industry does a good job of policing its own. Companies found not to be in compliance with PCI DSS requirements face severe financial penalties, higher levels of scrutiny, and even the revocation of card processing privileges.

If you would like to know more about PCI DSS compliance or any other regulation that concerns your information technology, call OMNI Solutions Group today at 301-869-6890.
