Friday, February 19, 2010

The Truth About PCI Compliance

If you are using software to process credit card charges, you are processing someone's personal financial information, and you need to ensure that this information is safe from any attempt at compromising it, internal attempts as well as external attempts. Fines of up to $10M have been levied against fairly small businesses.

The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory global standard established by the major card associations to ensure the protection of cardholder data. Based on twelve guidelines, the PCI DSS requires merchants to make their physical and virtual environments secure to ensure protection of cardholder data. As a merchant accepting credit cards as a form of payment, you are required by the card associations to adhere to the PCI DSS. The PCI DSS encompasses the security programs from Visa and MasterCard, Cardholder Information Security Program (CISP) and Site Data Protection (SDP), respectively.

The PCI DSS sets technology requirements such as the use of data encryption, end-user access control, and activity monitoring and logging. It also includes procedural mandates, such as the need to implement formal and documented security policies and vulnerability-management programs. They were developed to ensure that cardholder data is protected throughout the transaction process. Compliance with the standard applies to all types of merchants, retail, Mail Order/Telephone Order, and Internet. All merchants need to follow best practices for storage and destruction of all paper or electronic records containing account numbers or cardholder data. Additionally, merchant service providers processing credit cards need to be PCI compliant.

The more credit card transactions a merchant processes, the more stringent the compliance procedure. For most merchants, compliance consists of passing quarterly or annual network scans and completing an annual self-assessment questionnaire. If you process more than 20,000 e-commerce or 6 million total V/MC transactions per DBA (doing business as) annually, you will need to provide evidence of certification from a V/MC certified vendor. Penalties for failure to comply with the PCI requirements, failure to rectify a security issue, or failure to report a compromise are severe:

  • Possible restrictions on the merchant
  • Permanent prohibition of the merchant’s participation in card association programs
  • A fine of up to $500,000 per incident
  • Violation of applicable federal or state laws
  • Fraud losses perpetrated using the account numbers associated with the compromise (from date of compromise forward)

To read more on this topic, click here.

3 comments:

  1. Steam machines also have the ability to sterilize and disinfect after the end of the stages of cleaning and washing where the high spray has the ability to get rid of microbes and bacteria as well as for small insects and thus get a distinct variety of services thanks to one machine used in a steam cleaning company in Riyadh, which saves time The effort is usually made with the traditional methods of cleaning, unlike the use of steam machines or half steam which finishes the cleaning process at least 40 minutes.
    شركة النجوم لخدمات التنظيف
    شركة تنظيف كنب بجدة
    شركة تنظيف بجدة
    شركة تنظيف خزانات بجدة

    ReplyDelete
  2. Our company is one of the best companies specialized in the cleaning process, and it is worth noting that our company provides many distinctive and wonderful services to all of its distinguished customers, and our company provides additional services to all its new and old customers
    شركة تنظيف خزانات بالبكرية

    شركة تسليك مجاري بالبكرية

    شركة عزل اسطح بالبكرية

    شركة نقل عفش بالبدائع

    شركة كشف تسربات المياة بالبداع

    ReplyDelete