A Guide to PCI Data Security and Compliance Requirements

PCI Data Security and Compliance Requirements

What is PCI? Specifically, the Payment Card Industry Data Security Standard (PCI DSS) prohibits the storage of the full contents of any magnetic-stripe, CVV2 or PIN data. Storage of this type of data is in violation of PCI DSS and the card company operating regulations. It also provides security requirements for transmitting card data.

PCI is a data protection standard and it provides a lot of detail on how that protection should be implemented. This means that PCI is not only good for protecting payment card data, but also protecting your business and any personally identifiable information you may have about your customers and employees.

The Financial Risks of a Breach are Real. As the rules & regulations now stand, once your business has been identified as the compromised location, you are responsible for the costs of any forensics exam, remediation, mandated security monitoring, fines and chargebacks!

Good Advice: Contact your business insurance provider and ask them about a comprehensive data compromise rider to cover you in case of a breach.

2011 PCI Compliance Requirements

Step 1: Complete the appropriate PCI Self Assessment Questionnaire

At a minimum all businesses accepting card payments should complete the Self Assessment Questionnaire. You can do this yourself at no cost.

  • SAQ A – Card-not-present Merchants, All Cardholder Data Functions Outsourced.
  • SAQ B – Merchants with Only Imprint Machines or Only Standalone, Dial-Out Terminals. No Electronic Cardholder Data Storage.
  • SAQ C-VT – Merchants with Web-Based Virtual Terminals, No Electronic Cardholder Data Storage.
  • SAQ C – Merchants with Payment Application Systems Connected to the Internet, No Electronic Cardholder Data Storage.
  • SAQ D – All Other Merchants and All Service Providers Defined by a Payment Brand as Eligible to Complete an SAQ.

Step 2: Once the SAQ is complete, you may find that your business requires vulnerability scanning of your Internet connections. This will require that you hire a Qualified Security Assessor.

Vantage Partners with ControlScan to assist merchants

As a market leader in PCI compliance, ControlScan will help your business achieve and maintain PCI compliance with the SAQ and vulnerability system scanning (Scan), both designed to uncover security gaps and provide best practices to prevent data compromise. Additional tools include a Security Policy Builder and an Internal Security Awareness training program.

Enjoy Discounted Pricing

  • Merchants using touch tone capture, dial up terminals, or a virtual terminal may sign up for ControlScan's PCI 1-2-3 Self Assessment Questionnaire and Security Policy Generator service for only $60 a year.
  • Merchants using a terminal or POS connected to the internet or ecommerce merchants may sign up for ControlScan's PCI 1-2-3 periodic and on-demand vulnerability scanning, Self Assessment Questionnaire and Security Policy Generator service for only $100 a year.

Bonus Offer: Get your PCI Compliance Certificate and earn 2,500 Bonus Vantage Points!

Please act now to secure your payment systems and comply with the Payment Card Industry Data Security Standards. Additional comprehensive information can be obtained at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.

 

by Ty Hardison
