Let’s Help You Understand PCI Compliance

by Tim Tiller | Jul 3, 2020 | MyTek Blog, Security


In the digital age, almost every business accepts payment cards. To protect people’s financial and personal information during credit, debit and gift card transactions, businesses must take serious steps. The card brands (Visa, Mastercard, American Express, Discover and JCB), which stand to lose the most when that information is stolen, maintain an industry-wide standard to protect themselves and their cardholders. That standard is PCI DSS, the Payment Card Industry Data Security Standard. Today we’re going to take a look at it.

Understanding PCI Compliance

The card brands we mentioned above founded and run the PCI Security Standards Council (PCI SSC), which publishes PCI DSS. The standard is not a government regulation: it is enforced through the agreements merchants sign with their acquiring banks, and it applies to any business that wants to accept payment cards. In practice that means almost any business, as long as it takes debit, credit or gift cards.

If your business stores, processes or transmits payment card data, it needs to be PCI compliant. Here are the key actions you need to take to meet the standard (they map onto its twelve requirements):

  • Install and maintain network security controls (firewalls) and anti-malware software on the systems that handle card data, and keep them up to date
  • Restrict access to cardholder data to people with a business “need to know”
  • Assign a unique ID to every person with computer access, so that every action can be traced to an individual
  • Test your security systems and processes regularly
  • Encrypt cardholder data whenever you transmit it across open, public networks
  • Change vendor-supplied default passwords and other security defaults, and use strong passwords
  • Protect stored cardholder data, restrict physical access to it, and never keep sensitive authentication data (full magnetic stripe, card verification code, PIN) after a transaction is authorized
  • Train your staff on best practices for accepting payments
  • Track and monitor all access to network resources and cardholder data, and keep systems patched
  • Maintain written policies and procedures that address the security of cardholder data for all personnel

Thankfully, most businesses already do these things to keep their data safe. Companies that don’t are in breach of the standard and can face major consequences.
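Two of the actions above, protecting stored cardholder data and monitoring what ends up in your systems, collide in practice in one very common place: primary account numbers (PANs) leak into application logs, and PCI DSS allows at most the first six and last four digits of a PAN to be visible when one is displayed. The following Python is an added example, not code from the MyTek post: it finds Luhn-valid PANs in log lines and masks them to that first-six/last-four form. The log lines are constructed for the example, and the card numbers in them are the public test numbers that pass the Luhn check but belong to no real account.

```python
"""PAN leak detection and masking helpers (added example, not MyTek's code)."""
from __future__ import annotations

import re

# A PAN is 13-19 digits; allow the spaces or dashes people type between groups.
# The lookarounds stop us matching a 16-digit slice out of a longer digit run.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (ISO/IEC 7812) check-digit test: True for a well-formed PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(s: str) -> str:
    return re.sub(r"[ -]", "", s)


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid 13-19 digit PANs in text, separators removed."""
    return [
        _digits_only(m.group(0))
        for m in _PAN_CANDIDATE.finditer(text)
        if luhn_valid(_digits_only(m.group(0)))
    ]


def mask_pan(pan: str) -> str:
    """Mask for display: at most the first six and last four digits visible
    (the maximum PCI DSS permits when a PAN is shown)."""
    digits = _digits_only(pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a PAN length")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_line(line: str) -> str:
    """Replace each Luhn-valid PAN in a log line with its masked form."""
    def _mask(m: re.Match) -> str:
        digits = _digits_only(m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return _PAN_CANDIDATE.sub(_mask, line)


def scan_log(lines: list[str]) -> list[tuple[int, str]]:
    """Return (line number, masked PAN) for every PAN found in the log."""
    return [(n, mask_pan(pan)) for n, line in enumerate(lines, start=1)
            for pan in find_pans(line)]


# Constructed sample log (not real data). Lines 1-2 carry the public Visa and
# Mastercard test numbers, which pass Luhn but map to no account; line 3 is a
# near-miss that fails Luhn; line 4 is a 19-digit session id that also fails.
SAMPLE_LOG = [
    "2020-07-03T10:15:22Z INFO  order=48213 pan=4111111111111111 amount=19.99",
    '2020-07-03T10:15:23Z DEBUG request body: {"card": "5555-5555-5555-4444"}',
    "2020-07-03T10:15:24Z INFO  order=48214 pan=4111111111111112 amount=5.00",
    "2020-07-03T10:15:25Z INFO  session=1234567890123456789 ok",
]

if __name__ == "__main__":
    for n, masked in scan_log(SAMPLE_LOG):
        print(f"line {n}: PAN leaked, masked form {masked}")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Masking is a display control only; it does not satisfy the separate requirement to render stored PANs unreadable (truncation, tokenization, strong encryption or hashing), and a scanner like this is a safety net for finding leaks, not a substitute for keeping PANs out of logs in the first place.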

PCI and Business Size

The card brands tie a merchant’s validation requirements to its annual transaction volume: more transactions mean more cardholder data at risk. Each brand defines its own levels; the thresholds below are Visa’s, which the other brands broadly mirror, and your acquiring bank will tell you which level applies to you. Merchants are broken down into four levels:

  • Merchant Level #1: A business that processes over 6 million payment card transactions per year, regardless of channel.
  • Merchant Level #2: A business that processes between one million and 6 million payment card transactions per year, regardless of channel.
  • Merchant Level #3: A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4: A business that processes fewer than 20,000 e-commerce transactions per year, and any other business that processes up to one million payment card transactions per year across all channels.

Here are the responsibilities for each merchant level:

Merchant Level #1

A large transaction volume brings more responsibility. PCI rules state that Level #1 merchants need to:

  • Have a Qualified Security Assessor (QSA), or a trained Internal Security Assessor (ISA), perform a yearly on-site assessment that produces a Report on Compliance (ROC)
  • Complete a quarterly external vulnerability scan with an Approved Scanning Vendor (ASV)
  • Submit an Attestation of Compliance (AOC) to your acquiring bank (the PCI Council itself does not collect them)

Merchant Level #2

Level #2 businesses need to:

  • Complete a yearly Self-Assessment Questionnaire (SAQ)
  • Complete a quarterly external vulnerability scan with an ASV
  • Submit an Attestation of Compliance (AOC) to your acquiring bank

Merchant Level #3

Medium-sized businesses that fall under Level #3 need to:

  • Complete a yearly SAQ
  • Complete a quarterly external vulnerability scan with an ASV
  • Submit an AOC to your acquiring bank

Merchant Level #4

Small businesses usually fall under this level. Their validation requirements are set by their acquiring bank, which will typically ask them to:

  • Complete a yearly SAQ
  • Complete a quarterly external vulnerability scan with an ASV, where the business has Internet-facing systems in scope
  • Submit an AOC to the acquiring bank

Data security and privacy are more important than ever, and the payment card industry polices card payments closely. If your business is found not to be compliant, you can face fines from the card brands, passed on through your acquiring bank, and ultimately lose the ability to accept cards at all. If you need help with the Payment Card Industry Data Security Standard, give MyTek a call at 623-312-2440.

ABOUT THE AUTHOR


Tim Tiller, LMSW

Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.
