PCI Compliance – the Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all businesses which handle credit card information maintain a secure environment. It was created by the five major card schemes (American Express, JCB, Visa, MasterCard and Discover Financial Services) to prevent and reduce card data fraud. Even though it has no legislative power, the card schemes can apply fines, increase transaction fees or terminate their relationship with the merchant.
Source: bigcommerce.com
PCI compliance is also useful to individuals running a business from home: it offers guidance on security measures, since intruders treat home users as “easy targets” running applications that are not adequately protected.
For merchants with external-facing IP addresses that store cardholder data, a quarterly scan by a PCI Approved Scanning Vendor (ASV) is compulsory to validate compliance.
Usually, for a merchant to be declared compliant, the process involves internal scans, penetration tests and file monitoring for the cardholder data environment. If customers are redirected to a third-party website during the transaction, the third party's IP address needs to be submitted for the scan as well.
The PCI DSS security requirements are grouped under six goals:
· Build and maintain a secure network and systems
· Protect cardholder data
· Maintain a vulnerability management program
· Implement strong access control measures
· Regularly monitor and test networks
· Maintain an information security policy
The PCI Security Standards Council categorises merchants under 4 levels:
1. Merchants processing over six million Visa transactions per year, regardless of transaction channel.
2. Merchants processing one million to six million Visa transactions per year, regardless of transaction channel.
3. Merchants processing 20,000 to 1 million Visa e-commerce transactions per year.
4. Merchants processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to 1 million Visa transactions per year, regardless of transaction channel.