PCI-Compliance List of Categories
- What is Payment Card Industry (PCI) Compliance?
- Do I need to become compliant?
- What kind of a scan needs to be performed?
- What if a vulnerability is found during a scan?
- How long does it take to become compliant?
- How do I report compliance?
- What happens if I am not compliant?
- What are my requirements for PCI Compliance?
- What is Payment Card Industry (PCI) Compliance?
Payment Card Industry (PCI) Compliance is a set of security standards created by the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) to protect their customers from the growing incidence of identity theft and security breaches.
- Do I need to become compliant?
Any company that accepts, processes, or stores credit card information needs to comply with the standards set by the Payment Card Industry.
- What kind of a scan needs to be performed?
Vulnerability Assessment Scans must be performed by Payment Card Industry Approved Scanning Vendors (ASVs). The scan covers all externally facing IP addresses that touch the credit card acceptance, transmission, and storage process. Scan results must be submitted to the merchant bank on a quarterly basis.
- What if a vulnerability is found during a scan?
If a level 3, 4, or 5 vulnerability is found during a PCI Scan, the company will not receive a passing PCI Scan report.
- How long does it take to become compliant?
The PCI compliance process can take anywhere from one day to two weeks. The time it takes for a company to be considered PCI Compliant depends on the vulnerabilities the PCI scan discovers and on how long it takes to complete the Self Assessment Questionnaire.
- How do I report compliance?
Both the passing PCI Scan report and the Annual Self Assessment Questionnaire should be submitted to your merchant bank. Your merchant bank will then report back to the Payment Card Industry that your company is PCI Compliant.
- What happens if I am not compliant?
Failure to comply with the Payment Card Industry security standards may result in heavy fines, restrictions, or permanent expulsion from card acceptance programs.
- What are my requirements for PCI Compliance?
The requirements for becoming Payment Card Industry (PCI) Compliant are dependent upon the merchant level that a company falls under. Merchants are divided into four different levels based on the number of transactions they process throughout a year.
- Level 1
  - Criteria: merchants with over 6 million transactions a year, or merchants whose data has been compromised
  - Requirements: Annual Onsite Security Audit and quarterly network security scan
- Level 2
  - Criteria: merchants with 150,000 to 6 million transactions a year
  - Requirements: Annual Self Assessment Questionnaire and quarterly scan by an Approved PCI Scanning Vendor
- Level 3
  - Criteria: merchants with 20,000 to 150,000 transactions a year
  - Requirements: Annual Self Assessment Questionnaire and quarterly scan by an Approved PCI Scanning Vendor
- Level 4
  - Criteria: merchants with fewer than 20,000 transactions a year
  - Requirements: not required to report compliance, but must maintain compliance