PCI DSS COMPLIANCE
OVERVIEW:
Over the next few months we will be reminding you of the importance of PCI DSS compliance to the merchants you do business with.
As you know, PCI DSS compliance is mandatory for all merchants that store, process or transmit cardholder information. The following information is intended to assist you in educating merchants on PCI DSS and on why it is important for them to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Payment card data remains one of the easiest types of data to convert to cash, so it is the preferred target of criminals. Merchants are at the centre of payment card transactions, so it is imperative that they use standard security procedures and technologies to thwart theft of cardholder data. With so much riding on customer data, securing it is more important than ever.
WHAT IS PCI DSS:
PCI DSS is a set of 12 comprehensive requirements for any business that stores, processes or transmits payment card data. The Standard represents common-sense steps that mirror best practices and provides a framework for a secure payments environment. A merchant's card-handling practices and processing environment determine which PCI DSS requirements apply to their business.
| CRITERIA | REQUIREMENTS |
| --- | --- |
| Over 6 million Visa or MasterCard transactions in a 12 month period | Onsite assessment performed by a QSA; quarterly network scans |
| Between 1 and 6 million Visa or MasterCard transactions in a 12 month period | Assessment Questionnaire performed by accredited internal staff, or onsite assessment by a QSA; quarterly network scans |
| Between 20,000 and 1 million Visa or MasterCard ecommerce transactions in a 12 month period | Self-Assessment Questionnaire (SAQ); quarterly network scans |
| Less than 20,000 ecommerce transactions, or less than 1 million transactions with one card brand, in a 12 month period | Self-Assessment Questionnaire (SAQ); quarterly network scans; submission to acquirer not mandatory |
VALIDATION OF COMPLIANCE
Your acquirer/payment processor may require submission of documentation, depending on your data security reporting level, in order to validate PCI DSS compliance, such as:
- Report on Compliance (ROC)
- Self-Assessment Questionnaire (SAQ) and Attestation of Compliance
- "Clean" security vulnerability scan by an Approved Scanning Vendor (ASV)
- Use of a Payment Application Data Security Standard (PA-DSS) compliant payment application
VULNERABILITY SCANS
Why is scanning important? The benefit of a quarterly network scan is to confirm that your payment environment is sealed off from individuals with malicious intent by identifying known vulnerabilities and exposed services before they can be exploited. In addition to safeguarding your customers' cardholder data, performing network scans is a requirement for ongoing PCI DSS compliance.
These scans are non-intrusive tests that involve probing external-facing systems and reporting on the services available through your internet connection. For a complete list of approved scanning vendors, visit the PCI Security Standards Council website.