Merchants 5 Step Guide
To PCI Compliance

   Step 1: An Introduction to PCI Compliance

   Step 2: Finding PCI DSS Level

   Step 3: Security Audits: 12 Requirements

   Step 4: Finding a PCI DSS Approved Scanning Vendor (ASV)

   Step 5: Completing the PCI DSS Self Questionnaire


 ISO / Acquirers 5 Step Guide
To PCI Compliance

   Introduction

   Step 1: Engage all resources

   Step 2: Identify and confirm a partner

   Step 3: Make your merchants aware of PCI Compliance

   Step 4: Supply tools to merchant

   Step 5: Implement and track

   Other considerations


 PCI COMPLIANCE
INFO

   New PCI Compliance 1.1 Standards

   PCI Compliant Basics

   PCI Compliance & Consumers

   Implementing PCI Compliance

   PCI Compliant Scan

   Further PCI Compliance Resources

   PCI Compliance Polls & Surveys


 PCI COMPLIANT
VENDORS

   Find PCI Scan Vendors

 About Us

   Contact Us

   PCI Compliance News

   SiteMap

   SSL Certificate

   EV SSL Certificate Guide






PCI Compliance
Business Owners / IT Managers Guide

PCI Standards must be met by all businesses that take credit/debit or paycards from the top four major card industry providers: American Express, Discover, MasterCard and Visa. PCI Compliance Standards are not laws – they are contractual obligations with the credit card companies. Credit card companies may enforce the terms of their contracts by imposing fines and/or sanctions against companies who do no comply with the standards for each credit card company.

What is Payment Card Industry (PCI) Compliance?

Payment Card Industry (PCI) Compliance is a set of security standards that were created by the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) to protect their customers from increasing identity theft and security breaches.

Do I need to become compliant?

Any company that accepts, processes, or stores credit card information needs to comply with the standards set by the Payment Card Industry.

What are my requirements for PCI Compliance?

The requirements for becoming Payment Card Industry (PCI) Compliant are dependent upon the merchant level that a company falls under. Merchants are divided into four different levels based on the number of transactions they process throughout a year.

Level 1 Criteria
Merchants with over 6 million transactions a year
Merchants whose data has been compromised

Level 1 Requirements
Annual Onsite Security Audit and quarterly network security scan

Level 2 Criteria
Merchants with 150,000 to 6 million transactions a year

Level 2 Requirements
Annual Self Assessment Questionnaire
Quarterly Scan by an Approved PCI Scanning Vendor

Level 3 Criteria
Merchants with 20,000 to 150,000 transactions a year

Level 3 Requirements
Quarterly Scan by an Approved PCI Scanning Vendor
Annual Self Assessment Questionnaire

Level 4 Criteria
Merchants with less than 20,000 transactions

Level 4 Requirements
No need to report compliance but must maintain compliance.

What kind of a scan needs to be performed?

Vulnerability Assessment Scans must be performed by Payment Card Industry Approved Scanning Vendors (ASV). The scan will be performed over all externally facing IP addresses that touch the credit card acceptance, transmission and storage process. Scans must be turned into the merchant bank on a quarterly basis.

How long does it take to become compliant?

The PCI compliance process can take anywhere from one day to two weeks. The amount of time it takes for a company to be considered PCI Compliant is dependent on the threats the PCI scan discovers and the amount of time it takes to complete the self assessment questionnaire.

How do I report compliance?

Both the passing PCI Scan and Annual Self Assessment Questionnaire should be turned into your merchant bank. Your merchant bank will then report back to the Payment Card Industry that your company is PCI Compliant.

What happens if I am not compliant?

Failure to comply with the Payment Card Industry security standards may result in heavy fines, restrictions or permanent expulsion from card acceptance programs.

Sponsored Listing:
 Advertising Feature
  • ControlScan is an Approved PCI Scanning Vendor.
  • Get a free PCI Compliance Vulnerability Scan and see if your network meets the PCI Compliance Standards
  • ControlScan offers packages from 1 IP to 10,000 IPs
Sign-up for a free PCI Compliance Scan Today

|  Home  |  About PCI Compliance |  For Acquirers |  Find PCI Compliance Solutions | 
|  Preventing Data Breaches |  Managing Data Breaches |  Contact Us |    EV SSL Certificate Guide | 
© 2008 PCI Compliance Guide.org
   All right reserved - do not copy any material without written permission.