What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) was established in 2006 by the card brands, including Mastercard, Visa, American Express and JCB International.
All businesses that accept card payments or transmit payment card data must implement the standard to prevent data theft. The PCI DSS requirements apply to every such business, covering both its card-handling practices and its processing environment.
What is PCI validation?
PCI validation means that the Security Standards Council publishes the standard that all merchants must comply with, and the Council documents that compliance through annual validation. The whole process is based on transaction volume and requires either a self-assessment or an independent audit.
Who needs PCI compliance?
All businesses that accept payment by card are required to comply with the PCI DSS.
When was PCI compliance introduced?
PCI compliance was introduced in 2006. The PCI Security Standards Council is doing its best to inform all merchants and POS operators about this standard.
Is PCI compliance required by law?
PCI compliance is not mandated by law. Nevertheless, when you take a card payment and sign the counter-slip to confirm acceptance, you agree to follow the rules. It is simply a condition of accepting Visa, MasterCard, American Express and the other card brands.
What is the deadline to become PCI compliant?
The deadline for compliance has already passed. Contact your merchant processor for details on how to become compliant and protect yourself from being breached. The sooner the better.
What happens if I don’t become PCI compliant?
If you are not PCI compliant you are exposed and vulnerable to cyber attack. In the event of a breach, you are liable to be fined by your merchant processor or the card brand for not being PCI compliant.
I only process a few cards a year. Do I still need to be PCI compliant?
It is not the number or value of the card transactions you process that matters; even if you process one card a day, you are required to implement PCI compliance and secure your processing environment.
What are the criteria to become PCI compliant?
- Identify your PCI DSS validation type
- Address all the security requirements in the Self-Assessment Questionnaire, including vulnerability scans, penetration tests, employee training, etc.
- Attest to your compliance annually
- Complete a quarterly report on the security controls you have in place, attested by an Approved Scanning Vendor (ASV)
What is a PCI compliance certificate?
It is a certificate confirming that an organization is PCI DSS compliant. It is not mandatory, and an organization does not need a certificate to state that it is PCI compliant.
Does an SSL/TLS certificate for the website count as PCI compliance?
No. An SSL/TLS certificate for your website is important because it secures the connection to your website, but on its own it does not meet the compliance requirements.
What if I don’t use a computer for card payments?
You still need PCI compliance, because it has nothing to do with the Internet or computer systems. PCI compliance is assessed by how you handle, store and process card information.
Who is the enforcement body for PCI compliance?
It is the bank that requires the merchant to have PCI DSS compliance in place.
What to do in case of a data breach
Disconnect from the internet, and inform your merchant processor and a forensic investigator. The PCI forensic investigator will help you close the gap in your security and identify how the attackers breached your system. The process is documented, and the card brand will remediate the vulnerabilities that enabled the attack.