
Register with PCI Compliance
Registration is quick and easy!
Once you’re signed up and approved, you’ll be able to take your questionnaire online, and we will start scanning your systems on the date and time you set.
Your results will be sent to you via email with instructions for reviewing your report.
PCI Compliance
PCI Compliance is adherence to the Payment Card Industry Data Security Standard (PCI DSS), administered by the Payment Card Industry Security Standards Council (PCI SSC). It was established in 2006 in collaboration with the major payment card brands: American Express, Discover, JCB, MasterCard and Visa. The requirements are designed to reduce payment card compromises and data theft by helping you secure your sensitive information and reduce your exposure to attacks. PCI standards protect card information during and after a financial transaction, so PCI compliance applies to all card brands. All members must adhere to these standards if they want to accept credit cards for payment. Failure to meet the compliance standards can result in fines from the credit card companies and even the loss of the ability to process credit cards.
Businesses and merchants are required to process, store and transmit payment cardholder data in compliance with these requirements so that it is kept private and secure. PCI compliance has become crucial for any online transaction, since credit card fraud continues to be a major threat to businesses. That is why PCI Compliance is necessary for everyone, from large stores to small shops. All the players in the credit card payment process must be PCI compliant, including payment service providers and banks.
PCI Compliance requirements
There are six main requirements for PCI compliance, starting with the actual network that cardholder data is exposed to. The vendor must:
- Install and maintain a hardware and software firewall to protect cardholder data.
- Ensure all security measures have been taken to protect the network.
- Use vendor recommended defaults for major security parameters.
- Protect stored cardholder data.
- Encrypt data transmitted across open, public networks, so that even someone who gains access to the data cannot decipher it.
- Make sure the transmitted data is encrypted with at least 128-bit SSL to meet the standard.
- Regularly update anti-virus software.
- Regularly update computer hardware, operating systems and software.
- Develop and maintain secure systems and applications.
- Run regular virus scans if your systems are susceptible to vulnerabilities.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
- Make sure employees know and understand their responsibilities with regard to cardholder data.
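Requirements such as protecting stored cardholder data and tracking access to it start with knowing where primary account numbers (PANs) actually end up, including places they should not be, such as application logs. The Python below is an added example and is not code from this page or from any scanning vendor: it scans a few constructed log lines for digit runs that look like card numbers, keeps only those that pass the Luhn check that card numbers satisfy, and masks each hit to its first six and last four digits (a common PCI DSS masking convention). The log lines and the 4111.../5555... card numbers are constructed test values; the regular expression and the 13-to-19-digit length bounds are my assumptions about which formats to look for.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes. This is a deliberately broad pattern (an assumption for this
# example); a digit run directly adjacent to another number can be
# over-captured, which is why every hit is confirmed with the Luhn check.
PAN_PATTERN = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Constructed sample log lines; the card numbers are well-known test values,
# not real accounts. The second line carries a Luhn-invalid number on purpose.
SAMPLE_LOG = """2024-05-01 12:00:01 checkout order=88213 card=4111 1111 1111 1111 status=ok
2024-05-01 12:00:02 checkout order=88214 card=4111111111111112 status=declined
2024-05-01 12:00:03 refund ref=5555-5555-5555-4444 amount=12.00
"""


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, star out the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _normalize(candidate: str) -> str:
    """Strip the spaces/dashes the pattern allowed between digit groups."""
    return re.sub(r"[ -]", "", candidate)


def _is_pan(digits: str) -> bool:
    return 13 <= len(digits) <= 19 and luhn_valid(digits)


def find_pans(text: str) -> list:
    """Return the normalized PANs (Luhn-valid only) found in the text."""
    found = []
    for match in PAN_PATTERN.finditer(text):
        digits = _normalize(match.group(0))
        if _is_pan(digits):
            found.append(digits)
    return found


def redact(text: str) -> str:
    """Return the text with every Luhn-valid PAN replaced by its masked form.

    Luhn-invalid digit runs (order ids, timestamps, typos) are left untouched
    so the scan does not mangle unrelated data.
    """
    def _sub(match):
        digits = _normalize(match.group(0))
        return mask_pan(digits) if _is_pan(digits) else match.group(0)

    return PAN_PATTERN.sub(_sub, text)


if __name__ == "__main__":
    for pan in find_pans(SAMPLE_LOG):
        print("PAN found in log:", mask_pan(pan))
    print(redact(SAMPLE_LOG))
```

Run over a real log export, a non-empty result from `find_pans` is itself a finding: cardholder data is being written somewhere it should not be, and `redact` shows what the masked output should look like once the application is fixed. The hits are already masked when printed, so the scan itself does not create another copy of full card numbers.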
Various levels of PCI Compliance
PCI compliance level definitions:
Level 1 – Merchants processing over 6 million transactions annually. Annual internal audit with a qualified PCI auditor is mandatory.
Level 2 – Merchants processing from 1 million to 6 million transactions annually on all channels. The merchant must complete an annual self-assessment questionnaire (PCI SAQ) in addition to a required quarterly network scan performed by an approved scanning vendor.
Level 3 – Merchants processing from 20,000 to 1 million e-commerce transactions annually. The merchant must conduct an annual risk assessment using self-assessment questionnaire (PCI SAQ).
Level 4 – Merchants processing fewer than 20,000 e-commerce transactions and fewer than 1 million other transactions annually. Level 4 businesses must complete an annual risk assessment using the appropriate PCI Self-Assessment Questionnaire (SAQ).
The nature of the questionnaire depends on the PCI Compliance level; however, the basic requirements remain the same. Internet-based merchants at every PCI Compliance level must undergo a quarterly vulnerability scan performed by an approved scanning vendor.
What are my requirements?
- An annual Self-Assessment Questionnaire (SAQ) to determine if you are taking the proper precautions to protect your payment card data, similar to an insurance questionnaire, and
- Quarterly security scans if your systems are connected to the Internet. The scans look for weaknesses that an attacker might use to access your systems. A PCI-certified Approved Scanning Vendor (ASV) must conduct these scans.