You are here: Home Blog ClearView IT The Basics of PCI Compliance

ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

The Basics of PCI Compliance

ClearView IT Blog Security
0 Comments
The Basics of PCI Compliance

Businesses today should be accepting card-based payments, regardless of their size. In addition to the convenience it offers to customers, it’s the most secure means you have of being paid. To protect consumers and their personal and financial information, many card providers have adopted a unified regulation that applies to businesses that accept these payments. Let’s review this regulation and how it impacts the average small-to-medium-sized business.

Understanding PCI

Established in 2006, the Payment Card Index Digital Security Standard (or PCI DSS) was sponsored by the members of the PCI Security Standards Council. This council was founded to help the credit card industry self-regulate and manage the standards for consumer privacy that businesses would be beholden to. You certainly have at least one of the council’s members in your wallet right now: Visa, Mastercard, American Express, and Discover.

The standards that this council established apply to any and all businesses that accept payment cards from their customers. If you process or store payment information or process digital payments, PCI compliance is mandatory.

To remain compliant, any business that accepts payment cards needs to: 

  1. Change passwords from system default
  2. Install sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
  3. Encrypt transmission of card data across public networks
  4. Restrict the transmission of card and cardholder data to a “need to know” basis
  5. Assign user ID to all users with server or database access
  6. Make efforts to protect physical and digital access to card and cardholder data
  7. Monitor and maintain system security
  8. Test system security regularly
  9. Create written policies and procedures that address the importance of securing cardholder data
  10. Train staff on best practices of accepting payment cards

Any business, all businesses, each and every business of any kind that takes credit card payments needs to get these ten things done. Many businesses already accomplish these things as part of their typical routine… if you aren’t one of them, and accept card-based payments, your non-compliance could get you in serious trouble.

PCI and the Size of Your Business

The above checklist were the things that all businesses are responsible for, across the board. Based on what “level” of business you operate (according to the PCI Security Standards Council) there are other needs you must address. As the council defines them, there are four different levels you may fall into:

  • Merchant Level #1 - A business that processes over six million payment card transactions per year.
  • Merchant Level #2 - A business that processes between one million-to-six million payment card transactions per year.
  • Merchant Level #3 - A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
  • Merchant Level #4 - A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

As a level one breach will almost certainly have an impact to a larger number of consumers, the focus of the PCI regulatory body tends to be on these larger organizations. The means just aren’t there for every business to be checked constantly. However, that doesn’t mean that small businesses aren’t also facing severe risks. Here are some of the other requirements that businesses must fulfill, based on their Merchant Level:

Merchant Level #1

Considering the scale of these businesses and the reach that they have to consumers both online and in-store, these merchants have much greater responsibility. PCI compliance for Merchant Level 1 requires that merchants:

  • Complete a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Undergo a quarterly network scan by an Approved Security Vendor (ASV)
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

Standards relax as the number of transactions decreases, so Merchant Level 2 dictates that these merchants:

  • Perform a yearly Self-Assessment Questionnaire (SAQ)
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

This is where most medium-sized businesses would classify, and also requires that merchants:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

This level applies to the vast majority of small businesses. Like the prior two merchant levels, this level requires that all merchants:

  • Perform a SAQ
  • Allow an ASV to complete a quarterly network scan
  • Complete the Attestation of Compliance Form for PCI Council record

Noncompliant businesses can be reviewed, and are generally fined, watched more closely in the future, or even prohibited from accepting payment cards at all. Obviously, this isn’t something you want to happen to your business.

To find out more about PCI DSS standards and what you can do to ensure your compliance, give the IT professionals at ClearView IT a call at 866-326-7214 today.

Tweet
Tags:
PCI DSS Regulations Compliance Financial Data
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 05 May 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Search the Blog

Blog Categories

Tag Cloud

Tip of the Week Security Technology Best Practices Business Computing Hackers Productivity Software Privacy Network Security Data Cloud Business User Tips IT Support Internet Hardware Innovation Email Hosted Solutions Malware Efficiency Workplace Tips Computer Google Microsoft Collaboration Android Business Management Cybersecurity Phishing IT Services Backup Data Backup Ransomware communications Smartphone Microsoft Office Upgrade Small Business Smartphones Mobile Devices Network Managed IT Services Data Recovery Communication Productivity Quick Tips Users Social Media VoIP Mobile Device Tech Term Automation Business Continuity Facebook Windows 10 Passwords Holiday Disaster Recovery Covid-19 Apps Managed Service Windows 10 IT Support Browser Miscellaneous Cloud Computing Outsourced IT Remote Work Data Management Managed Service Provider Internet of Things Government Saving Money Operating System Managed IT services Workplace Strategy Gadgets Networking Windows Artificial Intelligence Bandwidth Server Remote Information Encryption App Virtualization Mobile Device Management Spam Business Technology WiFi Blockchain Employee/Employer Relationship History Gmail Budget Office Two-factor Authentication Office 365 Apple Information Technology Cybercrime Access Control Data Security Wi-Fi Health Big Data BDR Analytics Conferencing Compliance Save Money Patch Management Employer-Employee Relationship Vendor Help Desk Remote Monitoring Hacking Voice over Internet Protocol Remote Computing Cost Management IT Management Training Hacker Document Management Data storage Augmented Reality Word Search... Best Practice IBM Applications Website Retail Alert Project Management BYOD Vulnerabilities Mobile Office Computing Hiring/Firing Outlook Vendor Management Managed Services Hard Drive Password Money Data loss Legal Customer Service Unified Threat Management Firewall Update Marketing iPhone Running Cable Education Cortana Travel Virtual Reality Data Breach Content Filtering Social Engineering Storage Cryptocurrency Paperless Office Antivirus Black Market Windows 11 Router Cleaning Maintenance Robot The Internet of Things Monitoring Remote Workers YouTube User Healthcare Websites Windows 7 Free Resource Laptop Meetings Mobility How To Twitter Chrome Google Maps Scam Law Enforcement End of Support Sports Printer Social VPN SaaS DDoS Mobile Computing Avoiding Downtime Notifications Managed IT IT Consultant Disaster Unified Communications Virtual Assistant Digital Holidays Google Docs Customer Relationship Management Taxes Co-Managed IT Bluetooth Entertainment Cooperation Lithium-ion battery Distributed Denial of Service Office Tips Video Conferencing Private Cloud Processor Memory Virtual Machines Computer Repair Processors Physical Security Professional Services Politics Settings Machine Learning Multi-factor Authentication Start Menu HIPAA Computer Care Managed Services Provider Solid State Drive Downloads Wireless Technology Vulnerability Saving Time Virtual Private Network eWaste Chromebook Software as a Service Drones Bitcoin Current Events Data Protection Computers Downtime Automobile Telephone Safety Solutions How To Microchip Images 101 Virtual Desktop Integration PowerPoint Experience Excel Display Flexibility Administration Presentation Tech Terms Identity Theft Employees Specifications Hack Telephone System Videos Regulations Surveillance Phone System Web Server Managing Costs Scalability Directions Backup and Disaster Recovery Text Messaging Content Proactive IT Digital Payment Desktop SSID Administrator SharePoint Employer/Employee Relationships Bring Your Own Device Electronic Medical Records Media Worker Accountants Development Recovery Virtual Machine Competition Access Database Time Management Reviews Music Public Cloud Optimization Computer Accessories Smart Technology Teamwork Entrepreneur Health IT 2FA LiFi Equifax Data Storage Documents Hard Drive Disposal Hypervisor Application Audit Spyware Tactics Botnet Username Shopping File Sharing Medical IT Business Intelligence SQL Server Rental Service Redundancy Paperless Micrsooft Startup Freedom of Information Flash Cache Addiction PCI DSS Securty email scam Licensing Navigation Telephone Systems Unified Threat Management Gig Economy Business Growth Workers Mobile Security Humor Domains Supply Chain News Azure User Tip Business Communications Legislation Internet Service Provider Network Management Regulations Compliance Troubleshooting CCTV Managed IT Service Printing Evernote Banking Touchscreen Google Wallet Memes Workplace Computer Malfunction Fake News Messenger Emergency Proxy Server Human Resources Deep Learning Emails Net Neutrality Vendor Mangement Service Level Agreement Financial Data Computing Infrastructure Public Speaking Business Metrics Management Risk Management Streaming Media Hosted Solution Samsung Device security IT Scams Webcam Microsoft Excel Keyboard Books Google Apps Uninterrupted Power Supply Wireless Headphones Language Business Mangement Going Green Telework Business Owner Society Business Cards Hard Drives Tech intranet Error Smartwatch Tablets Communitications Microsoft 365 Cables Wireless Visible Light Communication Shortcut Reading Bookmark Monitors Procurement Download FinTech Windows 8 Supercomputer Piracy Heating/Cooling Environment Google Calendar Term Social Networking Virus CES Windows XP HTML IT Assessment Point of Sale Advertising Motion Sickness Value Relocation Browsers Displays Nanotechnology Supply Chain Management Work/Life Balance Google Drive Upload Organization Inbound Marketing Tech Support Software License Cyber security Shortcuts Comparison Google Play Social Network Smart Devices Remote Working Knowledge Data Analysis Corporate Profile Screen Reader Telephony Trends AI Employer Employee Relationship Mobile Technology Trend Micro Be Proactive In Internet of Things Television Security Cameras Transportation Hacks Customer Resource management Digital Security Cameras Electronic Payment Network Congestion Cabling Devices Electronic Health Records Staffing G Suite Tip of the week Wasting Time Reliable Computing Fileless Malware Writing Tablet VoIP Gamification Tracking Company Culture eCommerce IP Address Modem Workplace Strategies Mouse

Blog Archive

Recent Comments

No comments yet.

Interested In A Free Consultation?

Click Here