To curb the large number of credit card fraud and identity theft incidents, the major credit card companies (Visa, American Express, MasterCard, Discover and JCB) got together and created the Payment Card Industry Security Standards Council. This council is responsible for:
- Creating, owning and managing the PCI Data Security Standard for all card data
- Defining audit requirements and certifying compliance
- Overseeing the certification process for network scanning vendors and security assessors
- Setting the minimum requirements for qualification
- Publishing and maintaining the lists of approved assessors and vendors
Businesses that process, store or transmit credit card, debit card, or any other POS card information must follow the standard set by the council. The process of meeting it is known as PCI-DSS compliance.
How can you become PCI compliant?
1) Engage an approved scanning vendor listed by the PCI Security Standards Council.
2) To request compliance validation, the business must provide a merchant ID number, business name, contact address and phone number. This allows the compliance consultant to look up information about the merchant faster.
3) Based on an understanding of the business and the standard, the consultant advises the merchant on what must be done to satisfy the Payment Card Industry Data Security Standard.
4) The business must educate its staff on safe practices for processing customers' credit cards. In addition, online PCI self-assessment questionnaires and quarterly network scans are offered.
It is mandatory for any website that processes customers' credit card details to comply with the standard. The size of the business only determines which validation requirements must be met. Whether you are the largest corporation or the smallest internet store, you have to follow the guidelines if you accept, store, process or handle customers' card information in any way.
Since the council's inception on 7th September 2006, the standard has evolved into its present form for maintaining a secure environment. Under the independent Payment Card Industry Security Standards Council (PCI SSC), a set of 12 requirements is fixed that merchants, regardless of their size or number of transactions, must fulfill. A few of the requirements are:
1) Building and maintaining a secure network
2) Protecting cardholder data
3) Maintaining a vulnerability management program
4) Implementing strong access control measures
5) Regularly monitoring and testing networks
6) Maintaining an information security policy
What are the levels of PCI compliance and how are they determined?
There are four levels of PCI compliance, determined by the merchant's Visa transaction volume over a 12-month period, counted for each name the merchant is Doing Business As (DBA). If a merchant has more than one DBA, the aggregate volume of transactions stored, transmitted and processed across all of them is taken into consideration.
Merchant levels as defined by Visa:
| Merchant Level | Description |
| --- | --- |
| 1 | Merchants processing over 6 M Visa transactions per year. |
| 2 | Merchants processing 1 M to 6 M Visa transactions per year. |
| 3 | Merchants processing 20,000 to 1 M Visa e-commerce transactions per year. |
| 4 | Merchants processing fewer than 20,000 Visa e-commerce transactions per year. |
What to do if security is compromised?
Immediate action has to be taken to investigate the incident and identify the weaknesses that were exploited.
To learn more about the PCI security standard and Visa compliance requirements, refer to the resources at http://usa.visa.com/merchants/risk_management/cisp_tools_faq.html.