Registration is quick and easy!
Once you're signed up and approved, you'll be able to take your questionnaire online, and we will start scanning your systems on the date and time you set.
Your results will be sent to you via email with instructions for reviewing your report.
PCI compliance is adherence to the Payment Card Industry Data Security Standard (PCI DSS), administered by the Payment Card Industry Security Standards Council (PCI SSC). The council was established in 2006 in collaboration with the different payment card brands: American Express, Discover, JCB, MasterCard and Visa. The requirements are designed to reduce payment card compromises and data theft by helping you secure your sensitive information and reduce your vulnerability to attacks.
PCI standards protect card information during and after a financial transaction. Hence PCI compliance is necessary for all card brands. All members must adhere to these standards if they want to accept credit cards for payment. Failure to meet the compliance standards can result in fines from credit card companies and even loss of the ability to process credit cards.
Businesses and merchants are required to process, store and transmit payment cardholder data in compliance with these requirements so that it is kept private and secure. PCI compliance has become crucial for any online transaction, since credit card fraud continues to be a major threat to businesses. That is why PCI compliance is necessary for everyone, from large stores to small shops. All the players in the credit card payment process must be PCI compliant, including payment service providers and banks.
There are six main requirements for PCI compliance. The vendor must:
Maintain a secure network
This standard refers to the actual network to which cardholder data is exposed.
Protect Cardholder Data
This standard focuses on how cardholder data should be stored and transmitted.
Maintain a Vulnerability Management Program
This standard focuses on keeping your systems up to date.
Implement Strong Access Control Measures
This standard focuses on restricting physical access to cardholder data by limiting access to only those persons who need it.
Regularly Monitor and Test Networks
This standard focuses on regularly monitoring and testing the networks that store cardholder data.
Maintain an Information Security Policy
This standard covers the importance of drafting and implementing a company-wide information security policy.
All merchants who process credit cards must be PCI compliant. These merchants fall under four categories depending on the number of electronic transactions they make each year. However, each payment card brand has its own requirements and definitions of PCI compliance levels. Even though the PCI Security Standards Council (PCI SSC) developed these standards, compliance is mandated by the individual payment card brands: Visa, MasterCard, American Express, Discover and JCB.
PCI compliance level definitions:
Level 1 - Merchants processing over 6 million transactions annually. An annual internal audit with a qualified PCI auditor is mandatory.
Level 2 - Merchants processing from 1 million to 6 million transactions annually on all channels. The merchant must complete an annual self-assessment questionnaire (PCI SAQ) in addition to a required quarterly network scan performed by an approved scanning vendor.
Level 3 - Merchants processing from 20,000 to 1 million e-commerce transactions annually. The merchant must conduct an annual risk assessment using the self-assessment questionnaire (PCI SAQ).
Level 4 - Merchants processing less than 20,000 e-commerce transactions and less than 1 million other transactions annually. Level 4 businesses must complete an annual risk assessment using the appropriate PCI Self-Assessment Questionnaire (SAQ).
The nature of the questionnaire depends on the PCI compliance level, but the basic requirements remain the same. Internet-based merchants at every PCI compliance level must undergo a quarterly vulnerability scan performed by an approved scanning vendor.
As a merchant who stores, processes or transmits payment card data, you are required to be PCI DSS compliant by the payment brands and your merchant bank. To achieve PCI DSS compliance, you need to complete:
Failure to comply with the PCI DSS can result in data breaches and fines. You may also lose the ability to accept payment cards.
In an effort to assist you with your compliance efforts, Merchant Industry has partnered with PCI Compliance, LLC, a company specializing in merchant compliance. PCI Compliance, LLC works with merchants to help them overcome their individual hurdles and achieve PCI DSS compliance.
To help facilitate PCI DSS compliance, PCI Compliance, LLC has teamed with 403 Labs to offer a fully automated Internet testing service that enables you to assess the security of your Internet connection and devices. This service includes an easy-to-use online Self-Assessment Questionnaire that guides you through your payment card environment and processes, as well as a vulnerability scanning engine that performs over 37,000 different security tests on your computer systems.
Merchant Industry has partnered with PCI Compliance to offer PCI Compliance's services to our merchants at a significantly reduced cost.