PCI Compliance explained
PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that all businesses, regardless of size, that handle credit card information maintain a secure environment. It was created by the five major card schemes: American Express, JCB, Visa, MasterCard and Discover Financial Services, to prevent and reduce card data fraud.
In September 2006, the PCI Security Standards Council (PCI SSC), an independent body run by the five major card brands, was created with the purpose of managing and improving payment security procedures. Even though it has no legislative power, the Standards Council can apply fines, increase transaction fees or terminate the relationship with a merchant that fails to comply.
However, payment brands and acquirers remain responsible for PCI compliance, not the Council. New EU rules could cost UK companies up to £122bn in fines in 2018.
Based around 6 core principles, PCI DSS aims to:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Usually, for a merchant to be declared PCI compliant, the process will involve internal vulnerability scans, penetration tests and file integrity monitoring of the cardholder data environment. If customers are redirected to a third-party website during a transaction, then the third party's IP address needs to be included in the scan scope as well.
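To make the "file monitoring" step concrete, here is an added example of a minimal file integrity monitor (illustration only, not Paws Studio code or anything prescribed by PCI DSS itself): it records a SHA-256 baseline of every file under a directory, stores that baseline outside the monitored tree, and later reports files that were added, removed or modified. The directory layout, file names and the three post-baseline changes are all constructed inside a temporary directory so the script runs offline.

```python
"""Minimal file integrity monitor: take a hash baseline, then report changes.

Added example, not part of the original page or of Paws Studio.
All paths and file contents below are constructed for the demonstration.
"""
import hashlib
import json
import tempfile
from pathlib import Path

CHUNK = 65536  # read files in 64 KiB pieces so large files are not loaded whole


def hash_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, streamed in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its hash."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_baseline(baseline: dict[str, str], dest: Path) -> None:
    """Persist the baseline as JSON; keep dest outside the monitored tree."""
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict[str, str]:
    return json.loads(src.read_text())


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between two snapshots; any non-empty list is an alert."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small tree, change three things, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "cde"  # stand-in for a host in the cardholder data environment
        (root / "app").mkdir(parents=True)
        (root / "logs").mkdir()
        (root / "app" / "checkout.cfg").write_text("gateway=gateway.example\n")
        (root / "app" / "payment.so").write_bytes(b"\x7fELF" + b"\x00" * 32)
        (root / "logs" / "README").write_text("rotated weekly\n")

        baseline_path = Path(tmp) / "baseline.json"  # stored outside the monitored tree
        save_baseline(build_baseline(root), baseline_path)

        # Changes made after the baseline was taken (constructed for the demo):
        (root / "app" / "checkout.cfg").write_text("gateway=gateway.example\ndebug=1\n")  # edited outside change control
        (root / "app" / "extra.bin").write_bytes(b"\x00")  # unexpected new file
        (root / "logs" / "README").unlink()  # file deleted

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline would be taken from a known-good build, signed or stored on a separate system so that whoever can modify the monitored files cannot also rewrite the baseline, and the comparison would run on a schedule with its output fed to the same alerting used for the rest of the environment.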
4 merchant categories
There are 4 merchant categories. Depending on which category you fall into, there is a certain level of PCI compliance required.
These levels are:
- Level 1: Merchants processing over six million Visa transactions per year, regardless of transaction channel.
- Level 2: Merchants processing one million to six million Visa transactions per year, regardless of transaction channel.
- Level 3: Merchants processing 20,000 to one million Visa e-commerce transactions per year.
- Level 4: Merchants processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to one million Visa transactions per year, regardless of transaction channel.
Payment card data loss can be costly. In 2015, Target, an American retailer whose database was breached in 2013, affecting 70 million customers, was left with a payout of $116m in settlements to MasterCard and Visa and a class action lawsuit.
How we can help you become PCI compliant
With the rise in data breaches it has never been more important to protect your business and your team members. Malware attacks and remote access attacks are increasing year on year at an exponential rate, so it is important to take the correct precautions and become more compliant.
Paws Studio will quickly complete the automatable PCI compliance checks, explain where and why you have passed or failed, and offer advice to help you become PCI DSS compliant quickly and easily. This type of automation relieves the human pressures and allows your support and technical personnel more time to implement strategy.
You can trial Paws Studio for free here.