Payment Card Industry - PCI Compliance

Payment Card Industry (PCI) compliance is an initiative that is being strongly enforced by the four major card brands (Visa, Mastercard, Discover and American Express). Being PCI compliant means that your business meets the security requirements of those four brands. This page explains how these requirements came about and how you can become compliant.

The History of PCI Compliance

PCI compliance began as four separate card-brand programs:

  • Visa - CISP (Cardholder Information Security Program)
  • Mastercard - SDP (Site Data Protection)
  • American Express - DSOP (Data Security Operating Policy)
  • Discover - DISC (Discover Information Security and Compliance)
Data security is a good idea, but good ideas rarely arrive unified. Visa, Mastercard, American Express and Discover each went their own way and created their own security program. Each of those programs still exists, and technically a merchant that processed only Discover cards could become "Discover DISC compliant", a merchant that processed only American Express could become AMEX DSOP compliant, and so on.

On December 15, 2004 the card associations released a common set of industry security requirements, referred to as PCI compliance (Payment Card Industry compliance). The agreement amongst the brands was that a merchant validated as Visa CISP compliant would be honoured as compliant by Mastercard, American Express and Discover as well, and considered PCI compliant.

How Does My Company Become PCI Compliant?
As with any new program, many companies have emerged offering conflicting information and trying to sell you services. The program itself is fairly simple, and you as a merchant do not need to sign up with the first vendor that tells you its services are required for PCI compliance.

When PCI compliance became an issue, Solid Cactus did a lot of research on behalf of our merchants: how can we help you become compliant, how expensive does it need to be for your company, and what exactly do you need to do?

Determining Your PCI Compliance Level

Do you need to worry about PCI compliance? That depends on the size of your business. There are four merchant levels, with most e-businesses falling into levels 2 and 3. Note that the transaction thresholds are set by each card brand and are revised over time, so confirm your level with your acquiring bank before relying on the figures below.

Level 1: Very large merchants (more than 6,000,000 transactions per year), merchants that have suffered a cardholder-data compromise, and any merchant the card brands designate as Level 1. You are required to have an annual on-site security audit and quarterly network perimeter scans. Engage a qualified assessor.
Level 2: Any merchant processing 150,000 to 6,000,000 card transactions per year. You are required to provide a quarterly perimeter scan and an annual compliance questionnaire.
Level 3: Any merchant processing 20,000 to 150,000 card transactions per year. You are likewise required to provide the quarterly perimeter scan and the annual compliance questionnaire.
Level 4: Merchants processing fewer than 20,000 e-commerce transactions per year. Scans and questionnaires are recommended but not required.

Attaining PCI Compliance

Level 1 merchants must engage an assessor from the card brands' lists of certified service providers. Solid Cactus has relationships with two vendors whose backgrounds we have researched thoroughly; contact us and we will put you directly in touch with them. Alternatively, use any major card brand's list of compliant service providers and vet a vendor yourself.

Level 2 and Level 3 merchants can meet the PCI compliance guidelines on their own with very little work and very little cost. There are two basic steps.

Step 1: Complete the PCI Self-Assessment Questionnaire. The questionnaire must be filled out annually and kept on file at your location.
Step 2: Provide perimeter scans. You must supply your merchant bank with a copy of your quarterly network perimeter and e-commerce scans. A scan is a probe of your Internet-facing systems for known vulnerabilities, and it should be performed by a scanning vendor approved by the card brands rather than by an ad-hoc in-house tool.

Further Information on PCI Compliance

Resource Sites:

  • PCI DSS (Payment Card Industry Data Security Standard)

  • EV SSL Guide: Complete guide to EV SSL Certificates, including EV SSL FAQs, EV SSL news and EV SSL resources.

  • Buy SSL Certificates: Online reseller of SSL Certificates, including EV SSL Certificates.
