
What You Need to Know About PCI Compliance


The days of the cash-only business are over. Whether your business is a multinational corporation or a one-person lawn service, accepting payment cards is not only convenient for your customers; most of the time it is also the most secure way to get paid. To protect the personal and financial information of consumers who have come to depend on their payment cards, the banks that back the credit card industry have developed a regulation that businesses processing cards must adhere to. Today, we will go over this regulation and how it affects small and medium-sized businesses.

What Is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 as an industry-wide standard by what is now known as the PCI Security Standards Council. Made up of the predominant credit card companies (Visa, Mastercard, American Express, and Discover), the council was created to regulate the credit card industry and to manage the standards that businesses are held to in order to improve consumer privacy.

PCI standards apply to all businesses that accept payment cards. If your business stores cardholder information or processes payments digitally, you have to maintain PCI compliance. Here are 10 actions every business that accepts payment cards needs to take:

  1. Change passwords from their system defaults
  2. Install and maintain the network security tools (antivirus, firewalls, etc.) needed to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to a “need to know” basis
  5. Assign a user ID to every user with server or database access
  6. Protect both physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices for accepting payment cards

Again, every business that accepts payment cards needs to accomplish these 10 things. Many businesses already do them in the normal course of doing business, but if you don’t, and you accept payment cards, you are not in compliance and face harsh consequences.

PCI and Business Size

Once you’ve established compliance with the general guidelines, you then need to understand how your business will be judged. According to the PCI Security Standards Council, there are four levels of businesses that process credit cards. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million and six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes fewer than 20,000 e-commerce payment card transactions, and fewer than one million payment card transactions overall, per year.

Since a breach at Level 1 will likely affect more consumers, the PCI regulatory body (which doesn’t have the means to constantly check every business) spends more time regulating larger organizations. That’s not to say that small businesses can’t face hefty fines and consumer attrition if they are non-compliant. Each level has its own specific mandate. Let’s go through them now.

Merchant Level #1
To maintain PCI compliance, Level 1 merchants need to:

  • Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Scanning Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #2
Level 2 merchants need to:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #3
Level 3 merchants need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #4
Level 4 merchants need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Businesses found to be in noncompliance will often be subject to review and are often fined, given extra scrutiny, or have their privilege to accept payment cards revoked, which makes it hard to do business at all. To talk to one of our experts about PCI DSS standards, or how to keep your business in compliance, call the IT professionals at BNMC today at 978-482-2020.
