
FRS Pros Blog

Let’s Help You Understand PCI Compliance


Nowadays, nearly every business accepts payment cards. To protect people’s personal and financial information during credit, debit, and gift card transactions, the companies that stand to lose the most if those transactions are compromised (Visa, Mastercard, Discover, and American Express) have implemented an industry-wide compliance standard. That standard is PCI DSS, short for Payment Card Industry Data Security Standard. Let’s take a brief look at it.

Understanding PCI Compliance

The card brands listed above make up the PCI Security Standards Council. They have created a mandate that any business that wants to accept payment cards must adhere to. That means every business: from the largest multinational corporation to the smallest street vendor, if a company accepts payment by credit, debit, or affiliated gift cards, it needs to be PCI compliant.

This means that any business that stores cardholder information or processes payments with payment cards has to maintain PCI compliance. Here are 10 actions those businesses need to take to meet the compliance requirements:

  1. Change all passwords from their system defaults
  2. Install and maintain network security tools (antivirus, firewalls, etc.) that protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to a “need to know” basis
  5. Assign a user ID to every user with server or database access
  6. Protect both physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices for accepting payment cards

Fortunately, many businesses already do these things to keep the data they store safe. Companies that don’t will likely be in breach of the standard and, therefore, face the ire of PCI regulators.

PCI and Business Size

According to PCI regulators, the risk a business takes on grows in direct proportion to its size. That’s why the PCI Security Standards Council’s mandates divide businesses into four merchant levels. They are:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million and six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes fewer than 20,000 e-commerce payment card transactions and fewer than one million payment card transactions overall per year.

Let’s take a look at the responsibilities businesses in each merchant level have in order to stay PCI compliant:

Merchant Level #1
Doing massive business, online and otherwise, brings with it more responsibility. To maintain PCI compliance, Level 1 merchants need to:

  • Undergo a yearly Report on Compliance (ROC) performed by a Qualified Security Assessor (QSA)
  • Allow an Approved Scanning Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #2
As transaction volume decreases, the standards become less stringent. Level 2 requirements include:

  • Complete a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #3
Many medium-sized businesses fall under this level and need to:

  • Complete a yearly SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #4
The majority of small businesses fall into Level 4 and, like Levels 2 and 3, need to:

  • Complete a yearly SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Data privacy is more important now than ever, and the payment card industry does a wonderful job policing its own. Companies found not to be in compliance with PCI DSS requirements face severe financial penalties, higher levels of scrutiny, and even the revocation of their card processing privileges.

If you would like to know more about PCI DSS compliance or any other regulation that concerns your information technology, call FRS Pros today at 561-795-2000.
