PCI Audit Services
What is PCI DSS Compliance, often shortened to PCI Compliance?
This is a simple guide to PCI DSS compliance. It is just that, a simple guide with no guarantees whatsoever.
For the definitive guide to this subject, see https://www.pcisecuritystandards.org/ or there's an excellent detailed overview at http://www.pcicomplianceguide.org/aboutpcicompliance.html
The Payment Card Industry (PCI) is the collective name for the major card brands and the businesses that accept and process their cards. The PCI Security Standards Council is the joint body those card brands set up to write and maintain the industry's security standards.
What's PCI DSS?
PCI DSS is the PCI Data Security Standard (DSS), created, owned and managed by the PCI Security Standards Council.
Under the PCI DSS, an organisation should be able to assure its customers that the card data, account information and transaction information it handles is protected from hackers and from any other malicious intrusion into its systems.
The PCI Security Standards Council is not a policing organization. It does not enforce the PCI DSS, nor does it set the penalties for violations of the PCI DSS. Enforcement is left to the specific credit card companies and acquirers. PCI DSS does not replace the individual credit card company's compliance programs.
Basic rules on PCI DSS compliance:
PCI DSS applies to merchants and service providers who accept, capture, store, transmit or process credit and debit card data.
As of September 2006, PCI DSS 1.1 contains 12 major requirements (see below). A single failure against any one of the requirements can render an organisation non-compliant overall.
Non-compliance can result in steep fines and in the suspension or revocation of card processing privileges.
Who enforces PCI compliance?
Each credit card company separately determines who must be compliant, including any brand-specific enforcement programs.
Credit card companies and acquirer banks can levy stiff fines and remove the merchant's ability to process credit card transactions until the merchant is PCI compliant.
Each card brand has its own criteria for assigning a merchant level and a compliance validation level to a merchant, third party or service provider, and those levels determine what an organisation must do to demonstrate PCI DSS compliance.
For the majority of organizations, the standards set forth by Visa's CISP program and MasterCard's SDP program cover the qualifications for assigning both a merchant level and compliance level, along with incorporating PCI DSS.
What are the different PCI compliance levels?
Merchant compliance levels run from 1 to 4, with level 1 the most stringent. Service providers are tiered in a similar way, although the number of levels differs between the card brands.
The level is based on annual transaction volume: the more transactions an organisation handles, the more stringent the level (the lower the level number) it is assigned. Level 1 may also be imposed on an organisation regardless of volume if it has suffered a compromise or is otherwise considered high risk.
Each level carries a defined set of validation requirements, which specify the validation and audit actions needed to demonstrate PCI DSS compliance and who must carry them out (for example a self-assessment questionnaire versus an on-site assessment by a Qualified Security Assessor). For full details, see https://www.pcisecuritystandards.org/ or http://www.pcicomplianceguide.org/aboutpcicompliance.html
What are the 12 major PCI requirements?
PCI DSS compliance specifies 12 major requirements which fall into 6 categories as follows:-
How can McHarg.com Help?
McHarg.com can help your organisation throughout the PCI DSS process, from an initial review audit to establish where you currently stand, through to correcting the technical areas that need to be addressed.
Our services are divided into four areas as follows:
Contact us today for more information and a quotation on 07050 104 715, or contact us through our feedback form.