iSolutions

What is PCI Compliance?


The Importance of PCI Compliance

In 2004, the major card brands combined their separate compliance programs into one standard and created the Payment Card Industry Security Standards Council (PCI SSC) to maintain it. The resulting Data Security Standard (DSS) was developed in response to the growing number of attacks aimed at stealing payment data. Credit card information is sensitive data that must be properly secured. The Payment Card Industry requires every merchant who accepts card payments to comply with the standard, so that vulnerabilities are assessed and the risk of a data breach is reduced. This protects both the cardholder and the merchant.

PCI compliance is mandatory for all merchants who accept or process credit cards, regardless of size. Its purpose is to ensure that networks are secured and that merchants accept, transmit and store credit card information safely. Compliance is not a one-time event: it must be maintained through continuous monitoring throughout the year, because the standard is regularly revised to keep pace with new threats. The 12 requirements of PCI Compliance are listed here.

Levels of Compliance

Depending on the size of your business (measured by annual card transaction volume), your PCI requirements vary slightly.

Level 1: Merchants processing over 6 million card transactions per year

  • Requirements:
    • Annual Report on Compliance (ROC) performed by a Qualified Security Assessor (QSA)
    • Quarterly network scans by an Approved Scanning Vendor (ASV)
    • Completion of an Attestation of Compliance (AOC) form

Level 2: Merchants processing 1 to 6 million transactions per year

  • Requirements:
    • Annual Self-Assessment Questionnaire (SAQ)
    • Quarterly network scans by an ASV
    • Completion of an Attestation of Compliance (AOC) form

Level 3: Merchants processing 20,000 to 1 million transactions per year

  • Requirements:
    • Annual SAQ
    • Quarterly network scans by an ASV
    • Completion of an Attestation of Compliance (AOC) form

Level 4: Merchants processing fewer than 20,000 transactions per year

  • Requirements:
    • Annual SAQ
    • Quarterly network scans by an ASV
    • Completion of an Attestation of Compliance (AOC) form

What Happens If I Am Not Compliant?

Failure to become compliant can result in fines of $5,000 to $100,000 per month, depending on your required compliance level. Being non-compliant also increases the likelihood of a data breach, and if a breach occurs the card brands may impose additional fines on you and/or your payment processor.