
Central Technology Solutions Blog

PCI Compliance and Your Business


The days of the cash-only business are over. Whether your business is a multinational corporation or you cut grass for a living, accepting payment cards is not only convenient for your customers; most of the time it is also the most secure way to get paid. To protect the personal and financial information of consumers who have come to depend on their payment cards, the banks that back the credit card industry have developed a regulation that businesses processing cards need to adhere to. Today, we will go over this regulation and how it affects small and medium-sized businesses.

Unpacking PCI

What is commonly called PCI compliance is actually the Payment Card Industry Data Security Standard (PCI DSS). It was established in 2006 as an industry-wide standard, sponsored by what is now known as the PCI Security Standards Council, made up of some familiar names: Visa, Mastercard, American Express, and Discover. The council was established to regulate the credit card industry and to manage the standards to which businesses would be held in order to improve consumer privacy.

The first thing you should know is that PCI standards apply to all businesses that accept payment cards. If your business stores cardholder information or processes digital payments, you have to maintain PCI compliance. Here are 10 actions every business that accepts payment cards needs to take:

  1. Change passwords from the system defaults
  2. Install and maintain the network security tools (antivirus, firewalls, etc.) needed to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict access to card and cardholder data to a “need to know” basis
  5. Assign a user ID to every user with server or database access
  6. Protect both physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train your staff on best practices for accepting payment cards

Again, every business that accepts payment cards needs to accomplish these 10 things. Many businesses already do them in the normal course of doing business, but if you don’t, and you accept payment cards, you are not in compliance and face severe penalties.

PCI and Business Size

Once you understand the overall actions your business needs to take to stay in compliance, you then need to understand what level of merchant you are. According to the PCI Security Standards Council, there are four levels of businesses that process credit cards. They are defined as follows:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million and six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000 and one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes fewer than 20,000 e-commerce payment card transactions, and fewer than one million payment card transactions overall, per year.

Since a breach at Level 1 will likely affect more consumers, the PCI regulatory body (which doesn’t have the means to constantly check every business) spends more time regulating larger organizations than it does smaller businesses. That’s not to say that small businesses can’t face hefty fines and customer attrition if they are non-compliant. Each level has its own specific mandate. Let’s go through them now.

Merchant Level #1
Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level 1 merchants need to:

  • Obtain a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Allow an Approved Scanning Vendor (ASV) to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #2
As transaction volumes decrease, the standards become less stringent. Level 2 requirements include:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #3
Many medium-sized businesses will fall under this level and need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Merchant Level #4
The majority of small businesses fall into Level 4 and, like Levels 2 and 3, need to:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance form for PCI Council records

Businesses found to be noncompliant are often subject to review and may be fined, placed under extra scrutiny, or have their privilege to accept payment cards revoked. Don’t allow this to happen to your business. If you have any questions about the PCI DSS standards, or about how to keep your business in compliance, call the IT professionals at Central Technology Solutions today at 1-844-237-4300.
