Google+ Linked In Blog
design mobile interactive
Google+ Linked In Blog
Show Nav
Blog Posts

Show all posts

PCI Compliance Guide - Internet 101


Nov. 21, 2012 5:53 pm

The internet can be a great source of revenue for small business.  However, it can also be a great source of frustration for those that may not know the rules of business on the World Wide Web.

One such issue is PCI Compliance.
"The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment."   - PCI Guide
Ultimately the PCI guidelines are to protect the consumer and businesses.  Credit card data that is easily hacked into is a huge security issue for consumers.  And, businesses that knowingly store this data in an unsecured location are helping these hackers do what they do.

Do I need to be aware of the PCI Guidelines?   

If you transmit, accept or store credit card information, then the PCI Compliance guidelines apply to you; regardless of the size of your business or organization.  These transactions can occur via the web or over the phone.  

My website has an SSL, so I must be covered.

An SSL Certificate is a secure webpage that credit card transactions occur on.  Though, an SSL certificate will not secure the server on which credit card data may be stored; thus they are vulnerable on the server.  An SSL Certificate is not enough to secure all credit card data, but it is an important component in secure credit card transactions.

Tip:  How do I know if a webpage is secure?  The URL should begin with "https://" 

I use a third-party to process transactions, so they'll take care of this.

Not necessarily.  It is important that your third-party vendor is PCI Compliant, however some of the transaction data may still be saved on your servers.  Using a third-party may cut down your risk, but it's best to be sure your customers' data is safe.

Okay, where do I begin?

The first piece of information to gather is this:  How many VISA card transactions has your business or organization processed in the last 12-months?  
Level 1 - 6 million or more VISA transactions per year.
Level 2 - 1 million - 6 million VISA transactions per year.
Level 3 - 20,000 - 1 million VISA transactions per year.
Level 4 - Fewer than 20,000 VISA transactions per year.
Most small-to-medium sized businesses fall in Level 4.
Assuming you're a Level 4 business, these are the following steps you need to take to ensure PCI Compliance:

  1. Find which Validation Type your business falls under.  

  2. Take the Self-Assessment Questionnaire (SAQ) --the instructions will assist you as to which questionnaires to fulfill.

  3. If you store cardholder info or if your processing systems are connected to the internet, you'll need to complete and gather evidence of passing a vulnerability scan.  Scans must be conducted by a PCI SSC Approved Scanning Vendor.   

  4. Complete the appropriate Attestation of Compliance

  5. Submit the SAQ (Self Assessment Questionnaire), data of passing scan (if applicable), and the Attestation of Compliance (found in document with SAQ), along with any other requested documentation, to you acquirer.

Where can I find the standards online?

If you need a hand tackling PCI Compliance for your business, we would be happy to help!  We've been down this road with many of our clients and can leverage that knowledge for you!  Simply contact us today!


Useful Links
PCI Compliance Guide
Official PCI Security Standards Council
PCI Compliance Checklist by the Better Business Bureau

--

This post is the part of a series of Internet 101 information topics. As always, when class is dismissed, you're welcome to contact us if you have any questions or would like any additional information. If you don't feel at the head of your class, don't worry, we took notes.

- Comments

Click here for more Blog Posts.
CATEGORIES

•  All (81)
•  Apple (1)
•  Branding (1)
•  Business-Apps (1)
•  Business-Development (5)
•  Case-Studies (3)
•  Content-Management (2)
•  Custom-Websites (5)
•  DMI-Studios (5)
•  Does-My-Website-Suck (2)
•  E-Learning (1)
•  Facebook (5)
•  Fun-Friday (3)
•  Gift-Your-Website (5)
•  Holidays (1)
•  Internet-101 (6)
•  Local-Search (1)
•  Marketing (3)
•  Mobile-App (6)
•  Mobile-Browsing-Statistics (3)
•  Mobile-Goals (4)
•  Mobile-Phones (2)
•  Mobile-Websites (5)
•  News-Articles (2)
•  PCI-Compliance (1)
•  PaRkS---Parks-Reservation-System (1)
•  Responsive-Design (1)
•  Runwaysite (1)
•  Search-Engine-Marketing (3)
•  Search-Engines (3)
•  Social-Media (3)
•  Tourism (4)
•  Website-Design (10)
•  eCommerce (5)
•  websites (4)
Home   What   Who   Why   Contact
1400 Lombardi Ave - Suite 30
Green Bay, WI 54304
800-364-2010
920-436-0888



Copyright © 2017 DMI Studios
DMI Studios works with clients from all over the United States including those from Wisconsin (Green Bay, Appleton, Oshkosh, Oconto, Marinette, Milwaukee, Madison, La Crosse, Eau Claire, Stevens Point, and beyond), Arizona, Connecticut, Florida, Michigan, Minnesota, New Jersey, and Oregon.