Tuesday, 10 December 2013

What Is PCI Compliance?

PCI DSS (the Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that all businesses which handle credit card information maintain a secure environment. It was created by the five major card schemes (American Express, JCB, Visa, MasterCard and Discover Financial Services) to prevent and reduce card data fraud. Even though it has no legislative power, the regulators can apply fines, increase transaction fees or terminate the relationship with the merchant.

Source: bigcommerce.com
PCI compliance came about in order to improve the security of payment procedures, but the responsibility to enforce compliance lies with the merchants and customers, not with the PCI council.

It is of even greater benefit to individuals running businesses from home: PCI compliance can at least offer guidance on security measures, since intruders focus on home users as "easy targets" running home-grown applications that are not adequately protected.

For all merchants that store cardholder data on systems with external-facing IP addresses, a quarterly scan by a PCI Approved Scanning Vendor (ASV) is compulsory to validate compliance.

Usually, for a merchant to be declared compliant, the process involves internal scans, penetration tests and file monitoring for the cardholder data environment. If customers are transferred to a third-party website during a transaction, then the third-party IP address needs to be submitted for scanning as well.

The PCI DSS security requirements are grouped under six rules:
· Build and maintain a secure network and systems
· Protect cardholder data
· Maintain a vulnerability management program
· Implement strong access control measures
· Regularly monitor and test networks
· Maintain an information security policy

The PCI compliance council categorises merchants under four levels:
1. Merchants processing over six million Visa transactions per year, regardless of transaction channel.
2. Merchants processing one million to six million Visa transactions per year, regardless of transaction channel.
3. Merchants processing 20,000 to one million Visa e-commerce transactions per year.
4. Merchants processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to one million Visa transactions per year, regardless of transaction channel.
