If your business accepts credit card payments, whether online, in person or over the phone, it needs to ensure it is fully PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) came about on September 7th, 2006. It mandates a set of requirements and best practices for any company that conducts credit card transactions, stores card data, or transmits credit card information, requiring that cardholder data be kept in a secure environment. Furthermore, any credit card data transmitted across open networks must be fully encrypted, which renders the data unusable if it is intercepted or otherwise compromised.
Payment card industry (PCI) compliance is mandated by the credit card companies to help ensure the security of credit card transactions across the card payments industry. It refers to the technical and operational standards that businesses follow to secure and protect the credit card data provided by cardholders and transmitted during card processing transactions. The PCI compliance standards are developed and managed by the PCI Security Standards Council (PCI SSC).
Merchants are divided into 4 different levels based on the number of transactions the business processes annually; most merchants fall into Level 4. Level 4 applies to merchants that process fewer than 20,000 Visa or Mastercard e-commerce transactions per year, or up to 1 million total Visa or Mastercard credit card transactions, and that have not suffered a data breach or attack that compromised card or cardholder data.
If you are a Level 4 merchant, you will need to complete a quarterly network vulnerability scan of your systems, keep your Self-Assessment Questionnaire (SAQ) up to date, and follow the best practices recommended by the PCI SSC to keep your account compliant and protected.
What is a Network Vulnerability Scan?
A network vulnerability scan checks your website and payment processing system for security weaknesses, including malware and viruses. The scan also inspects every publicly reachable IP address associated with your site. You will need to rerun the scan any time you make a significant change to your network configuration.
What is a Self-Assessment Questionnaire (SAQ)?
A Self-Assessment Questionnaire is a merchant's statement of PCI compliance. Through a series of questions, it lets your business show that it is taking the security measures needed to keep cardholder data secure.
Regardless of your business type, suffering an actual data breach will cost your business a great deal of money. If your business is not PCI compliant, the fines associated with a data breach can run to hundreds of thousands of dollars, if not millions (depending on the size of the breach), and in some cases they can force a merchant to file for bankruptcy.