PCI stands for the Payment Card Industry. Being compliant with its standards is the key to being an online vendor and being able to process credit card transactions.
It's all about the security of users' information. Fraud and identity theft continue to evolve and become an even bigger issue in our society. Ensuring your online store is PCI compliant is absolutely critical to your business' longevity. If you were to suffer an attack that exposed saved information, or information you were not supposed to be holding in the first place, you may be liable for fines, lawsuits or other penalties.
PCI compliant businesses and vendors have to undergo testing and comply with various regulations to keep things on track. If you are found to be PCI noncompliant, you and you alone will be held responsible.
PCI Compliance Providers:
There are two different levels of PCI service providers. Each has different requirements for each credit card company.
Service Provider Level 1:
- Handles more than 300,000 transactions annually. (That's 300,000 for a single card brand, such as Visa or Mastercard)
- Has to undergo a quarterly ASV Scan. (Approved Scan Vendor)
- Has to have an annual onsite assessment by a QSA (Qualified Security Assessor)
- Fill out an Attestation of Compliance Form
Service Provider Level 2:
- Handles less than 300,000 transactions annually. (Less than 300,000 for a single card brand; if your total transactions are over 300,000 you may not apply yet)
- Has to undergo a quarterly ASV scan. (Approved Scan Vendor)
- Has to fill out an SAQ questionnaire once per year. (Self-Assessment Questionnaire)
PCI Compliance Tools:
PCI compliance can sometimes be confusing and difficult for smaller businesses to handle. Thankfully there are companies out there that will assist you in ensuring you are PCI compliant. Many of these can also conduct ASV scans for you. There are also many tools available online to assist in becoming PCI compliant, including:
- GFI LanGuard
- EventLog Analyzer
Data & Certification:
In order to get the proper data & certification you need to go through a Qualified Security Assessor. The QSA will perform tests and determine the safety of your data. In order to meet the guidelines you should follow the tips below.
Doing Things the Right Way:
- Don't keep customers' credit card data if you're not properly authorized to do so. Keeping information without permission or the proper safeguards is one of the fastest ways to lose certification.
- Use strong encryption on your customers' data. Along with that, make sure you've got many layers of protection. There's always the potential of it being breached, but the goal is to make it as close to foolproof as possible.
- Verify that everything you do follows all payment application security standards. When you're planning any changes or reconfiguring your infrastructure, you should always check how this may affect or damage your compliance.
- All of your third parties also need to be PCI compliant, with full PCI DSS completed. It's absolutely key that you take responsibility for all of your third parties. They are considered to be extensions of your business.
- If you have specific terminals or email receipts, you need to make sure that they are protecting identifying credit card information.
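As an added example (not from the original article or any PCI tool it names), here is a small Python check that covers two of the tips above: finding full card numbers that should not be sitting in stored text such as logs or receipts, and masking them for display. The first-6/last-4 display format, the regex and the constructed sample lines are assumptions of this example.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn check: true for a well-formed card number; filters out most false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Mask a PAN for display: keep first 6 and last 4 digits (assumed policy), star the rest."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers (digits only) found in text."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid card number in text with its masked form; leave other digits alone."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_RE.sub(repl, text)


# Constructed sample: one receipt line and one log line. 4111 1111 1111 1111 and
# 5555555555554444 are public test card numbers; 4111111111111112 fails Luhn and the
# 16-digit timestamp is a false positive the Luhn check is meant to reject.
SAMPLE = (
    "Receipt: paid with 4111 1111 1111 1111, order 4111111111111112\n"
    "LOG: checkout ok card=5555555555554444 ts=1700000000000000\n"
)
```

Running `find_pans(SAMPLE)` on stored data is a quick way to spot card numbers you should not be holding, and `redact_pans` shows what a receipt should carry instead.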