PCI Compliance

What is PCI Compliance?

All merchants processing, transmitting, or storing credit card data were required to comply with the new Payment Card Industry (PCI) Data Security Standard by June 30, 2005. The specific requirements a merchant must meet depend on several criteria.

The Payment Card Industry highly recommends voluntary compliance for all merchants accepting credit cards online; failure to comply with these new security standards may result in substantial fines or permanent expulsion from card acceptance programs.

Do I need to become compliant?

Any company that accepts, processes, or stores credit card information needs to comply with the standards set by the Payment Card Industry.

What are my requirements for PCI Compliance?

The requirements for becoming Payment Card Industry (PCI) Compliant depend on the merchant level that a company falls under. Merchants are divided into four levels based on the number of transactions they process in a year.

Level 1 Criteria
Merchants with over 6 million transactions a year
Merchants whose data has been compromised

Level 1 Requirements
Annual Onsite Security Audit
Quarterly network security scan

Level 2 Criteria
Merchants with 150,000 to 6 million transactions a year

Level 2 Requirements
Annual Self-Assessment Questionnaire
Quarterly Scan by an Approved PCI Scanning Vendor

Level 3 Criteria
Merchants with 20,000 to 150,000 transactions a year

Level 3 Requirements
Annual Self-Assessment Questionnaire
Quarterly Scan by an Approved PCI Scanning Vendor

Level 4 Criteria
Merchants with fewer than 20,000 transactions a year

Level 4 Requirements
No need to report compliance, but compliance must be maintained.


What kind of a scan needs to be performed?

Vulnerability Assessment Scans must be performed by Payment Card Industry Approved Scanning Vendors (ASVs). The scan covers all externally facing IP addresses that touch the credit card acceptance, transmission, and storage process. Scan results must be submitted to the merchant bank on a quarterly basis.

How long does it take to become compliant?

The PCI compliance process can take anywhere from one day to two weeks. The time it takes for a company to be considered PCI Compliant depends on the threats the PCI scan discovers and the time needed to complete the Self-Assessment Questionnaire.

How do I report compliance?

Both the passing PCI Scan and the Annual Self-Assessment Questionnaire should be submitted to your merchant bank. Your merchant bank will then report to the Payment Card Industry that your company is PCI Compliant.

What happens if I am not compliant?

Failure to comply with the Payment Card Industry security standards may result in heavy fines, restrictions, or permanent expulsion from card acceptance programs.

RBTi will soon be providing PCI compliance scans through our approved partners.


112 Krog Street, Suite 24 Atlanta Georgia 30307 t. (866) 914-3973 f. (404) 577-7998