PCI DSS is an abbreviation for the Payment Card Industry Data Security Standard. It is a security standard framework designed to ensure that every company that accepts, processes, stores or transmits credit card information does so in a secure environment.
The Payment Card Industry Data Security Standard applies to every kind of organization. The size of the organization and the number of transactions it accepts, transmits or stores do not matter.
Compliance levels of the Payment Card Industry
All merchants fall under one of four merchant levels, as defined by Visa:
- Merchant level 1: regardless of approval channel, processes more than 6M Visa transactions in a year
- Merchant level 2: regardless of approval channel, processes 1M to 6M Visa transactions in a year
- Merchant level 3: processes 20,000 to 1M Visa transactions in a year
- Merchant level 4: processes fewer than 20,000 transactions in a year
To fulfil PCI requirements, a merchant must follow these steps:
- Determine which SAQ (Self-Assessment Questionnaire) your business must use to validate compliance
- Complete the SAQ according to the instructions it includes
- Complete a vulnerability scan with a PCI SSC approved scanning vendor and obtain proof that it passed
- Complete the relevant attestation of compliance
- Submit the SAQ, the passing scan attestation and the attestation of compliance, along with any requested documentation, to your acquirer
Organizations using third-party processors can reduce their risk exposure as well as the effort needed to confirm PCI compliance. If your business has multiple locations but processes under a single tax ID, you will need to validate once a year, covering every location.
Methods to use for storing credit card data
The majority of merchants have to store credit card data for recurring billing. To store credit card data, use a third-party credit card vault and tokenization provider. The vault application removes the card data from your systems and returns a token that can be used for recurring billing. Using a third party eliminates the risk of storing the card data yourself, and so maintains card data security.
Non-compliance penalties
Penalties for PCI non-compliance can be $5,000 to $100,000 every month. Banks will either terminate the relationship with that merchant or increase their transaction fees. Fines for PCI compliance violations are not discussed openly, but they can be catastrophic for small businesses.
