What is PCI Compliance?
Payment card industry (PCI) compliance is mandated by the credit card brands to help ensure the security of credit card transactions. It refers to the technical and operational standards that businesses follow to secure and protect the card data provided by cardholders and transmitted during card processing transactions. The PCI compliance standards are developed and managed by the PCI Security Standards Council (PCI SSC).
Merchants are divided into four levels based on the number of transactions a business processes annually; most merchants fall into Level 4. Level 4 applies to merchants that process fewer than 20,000 Visa or Mastercard e-commerce transactions per year, or up to 1 million total Visa or Mastercard credit card transactions, and that have not suffered a data breach or attack that compromised card or cardholder data.
If you are a Level 4 merchant you will need to complete a network vulnerability scan of your system quarterly, keep your Self-Assessment Questionnaire (SAQ) updated, and follow the best practices recommended by the PCI SSC to keep your account compliant and protected.
What is a Network Vulnerability Scan?
A network vulnerability scan checks your website and payment processing system for vulnerabilities, including signs of malware and viruses. The scan also inspects every IP address of your site that is reachable from the public internet. You will need to rerun the scan whenever you make a significant change to your network configuration.
What is a Self-Assessment Questionnaire (SAQ)?
A Self-Assessment Questionnaire is a merchant's statement of PCI compliance. Through a series of questions, it shows that your business is taking the security measures needed to keep cardholder data secure.
Regardless of your business type, suffering an actual data breach will cost your business a great deal of money and in some cases can force a merchant to file for bankruptcy.