03 July 2012

PCI Compliance Standards and Credit Card Processing

By Karen Carter


PCI stands for Payment Card Industry, and DSS stands for Data Security Standard. Why does it make sense to follow the PCI Security Standards Council's requirements for PCI compliance? Many small and medium-sized business owners have complained about the complicated nature of the PCI data security standard, and stated that it adds to their administrative burden regardless of whether they already have excellent security procedures in place in their enterprise. Despite such complaints, there are important reasons why it makes sense to comply with the PCI DSS standards. The three main reasons are: the payment card industry has years of experience; compliance with the PCI security standard will give you ideas on how to protect your own data; and, last but not least, you may not have a choice. Let's look at each of these reasons in detail.

The PCI industry has years of experience with online transactions. It is comprised of the top five payment card processors: Visa, Mastercard, American Express, JCB, and Discover. Combined, they have seen every type of malicious threat to their processing systems that has ever existed. The old joke tells of a bank robber who, when asked why he robs banks, responded, "that is where the money is". Well, in today's terms, people with malicious intent focus on payment processor sites, because "that is where the money is".

Level 3: Your company has 20,000 to 1 million Visa and/or Mastercard e-commerce transactions processed per year. You must complete a Self-Assessment Questionnaire (SAQ) annually, and this level also requires a network scan by an approved scanning vendor. Level 4: You have fewer than 20,000 Visa and/or Mastercard e-commerce transactions processed per year. You must complete a Self-Assessment Questionnaire (SAQ) annually, and this level also requires a network scan by an approved scanning vendor.

Now, how do you know which SAQ (Self-Assessment Questionnaire) to fill out? You need to find which merchant type best fits your company profile:

A: E-commerce, mail or telephone order merchants that do not store cardholder data (CD). All cardholder data functions are outsourced. This does not include face-to-face merchants.

B: Merchants that do not store electronic cardholder data. Instead, this applies to merchants that use an imprint machine to copy cardholder information. It also applies to standalone, dial-out terminal merchants.

C-VT: Web-based virtual terminal merchants that do not store electronic cardholder data.

C: Merchants that use a payment application system connected to the Internet and do not store electronic cardholder data. If you use a software vendor for the payment application system, the vendor must take security measures to ensure the application meets PCI compliance.

D: All other merchants not included in the above categories, including all service providers defined as eligible to complete an SAQ and approved by a payment brand.

They may also charge you higher fees. On the other hand, if you continue to process transactions through Visa and Mastercard while not PCI compliant and avoid a PCI audit, you may face steep fees and penalties, especially in the case of a breach and compromise of cardholder information. Don't take PCI compliance lightly; it is really important.
