PCI compliance is a critically important step in protecting your customers’ and partners’ payment card data, and an equally important step in protecting your business from the dire consequences of a data breach.
What is PCI DSS?
Payment Card Industry (PCI) compliance refers to a particular set of standards designed to protect credit cardholder information. These standards apply to every kind of business that stores, processes, or transmits payment cardholder data, both online and offline.
The PCI SSC (Payment Card Industry Security Standards Council) is the governing organization and open global forum responsible for the development, education, management and awareness of the PCI security standards, including PCI DSS and PA-DSS. It was founded by five major payment brands: Visa, Mastercard, Discover, American Express and JCB. The PCI DSS is a set of standards for companies of any size that accept card payments. Ensuring PCI compliance helps companies keep the sensitive personal data of their customers safe and secure.
Do I need to have PCI Compliance for my organization?
If you operate your own on-premises or self-hosted cloud commerce solution, then the short and sweet answer is yes.
Ecommerce PCI compliance matters whether you have a single brick-and-mortar retail location or you are a large organization selling goods across multiple stores and ecommerce sites. Anywhere that your credit card merchant account has been connected to and integrated requires attention.
All credit card transaction volumes your organization processes are aggregated across its various channels (e.g. in-store retail point-of-sale terminals as well as online payment gateways) and summed to determine the appropriate PCI compliance level.
Why is PCI DSS Important?
Compliance with PCI DSS means that you are taking appropriate steps to protect cardholder data from cyber-theft and fraudulent use. It has as great an impact on your business as it does on your customers, because a cyber-attack can mean a potential loss of revenue, customers, brand reputation and trust.
With that in mind, it is now more important than ever to take responsibility for your customers’ data and make sure you put the appropriate provisions in place to keep that data secure.
Compliance Requirements Depend on the Size of Your Business: Types of Certification Available
To determine which requirements apply to an individual business, the PCI SSC has created a four-level system for classifying businesses by size and risk. These merchant risk levels are based purely on the overall number of payment card transactions that a company conducts annually, with Level 4 being the lowest level of risk and Level 1 always being the highest.
Most small businesses land in Level 4, while Level 1 covers large multinational retailers like Amazon and Walmart. Any organization that has had a data breach is also likely to be moved into Level 1, regardless of its size or number of annual transactions.
Here’s how the four levels break down:
Level 1: Merchants with more than 6,000,000 transactions per year, or those who have had data compromised in the past.
Level 2: Merchants with 150,000 to 6,000,000 transactions per year.
Level 3: Merchants with 20,000 to 150,000 transactions per year.
Level 4: Merchants with fewer than 20,000 transactions per year.
It is also worth noting that the PCI SSC considers eCommerce transactions riskier than in-person transactions, so it takes fewer eCommerce transactions to move a merchant into a higher PCI compliance level.
What Do you Need to Do to Become PCI DSS Compliant?
If your company wants to become PCI DSS compliant, you first need to understand how payment data is captured, stored and organized. Many organizations use a fully hosted solution to manage this.
Merchants measure their compliance by completing an audit of their cardholder data environment against the standard.
The standard requires merchants and member service providers (MSPs) involved in storing, processing or transmitting cardholder data to:
Build and maintain a secure IT network;
Protect cardholder data;
Maintain a vulnerability management program;
Implement strong access control measures;
Regularly monitor and test networks;
Maintain an information security policy.
For more information on how NeoBanq can help you with PCI compliance, call us now.