PCI Compliance – A must of ecommerce credit card processing

June 14, 2009

PCI DSS, the Payment Card Industry Data Security Standard, is a universal security standard established by the PCI Security Standards Council.  It must be followed by any organization that uses, processes or transmits information relating to credit cards issued by companies such as MasterCard, American Express and Visa.

How are you impacted?

The main impact is on security.  Data belonging to close to 234 million credit card holders was leaked or compromised worldwide in the last four years, which led to the introduction of certain mandatory checkpoints.  For instance, Visa changed its Account Information Security Program beginning October so that all merchants handling fewer than one million annual transactions (levels 2, 3 and 4) must either process only through a PCI DSS accredited provider, such as a PCI Compliance certificate provider, or provide alternative certification of compliance to demonstrate that they are indeed following the standard.

When you as a merchant process through one of the PCI Compliance certificate providers, the advantage is that the provider's payment pages are themselves fully PCI compliant, and you are only required to complete the SAQ (Self Assessment Questionnaire) relevant to your transactions.  Only if you store, process or transmit cardholder data on your own business network will you need to have vulnerability scans done every quarter.

Irrespective of how you process online credit card payments, there are measures you are expected to take to ensure that your business is in full compliance with PCI.

What are these measures?

Depending on the number of transactions you process as a merchant, different levels are stipulated.  Each level determines the evidence you need to provide to demonstrate compliance.

* A merchant who processes more than six million transactions annually needs an on-site audit in addition to having the network scanned every quarter.
* Merchants processing fewer than six million transactions per annum do not need an on-site audit, but must complete the SAQ annually and have their network scanned quarterly.

Merchants processing through one of the PCI Compliance certificate providers, however, need not arrange the quarterly scan themselves, as it is covered by the Level 1 PCI DSS compliance validation inherent in these providers' systems.  The one condition is that you do not process credit card information on your own business network, with your site hosted elsewhere.

Types of Self Assessment Questionnaires

Though there are four types of SAQ, you are only required to complete the type that is relevant to your activity.

* SAQ A
This applies to merchants who outsource all handling of cardholder data and use the services of a PCI Compliance certificate provider.

* SAQ B
This type is relevant only for merchants who process card information face-to-face.

* SAQ C
Merchants whose point-of-sale systems are linked to the service provider through the internet are required to use SAQ C, since no cardholder data is stored at the site.

* SAQ D
This type is for merchants operating in an environment where all necessary cardholder information is stored and initially processed internally.

The PCI website provides complete information on the SAQ relevant to your business, and you can download it for completion when required.






Comments

2 Responses to “PCI Compliance – A must of ecommerce credit card processing”

  1. Web Hosting Blog on June 23rd, 2009 8:43 pm

    [...] he was the main developer for Boss Cart, a popular ecommerce software. There is a great post on PCI compliance. I would suggest reading it if your site processes credit [...]

  2. Temi’s Blog on June 25th, 2009 4:04 pm

    [...] Boss Cart has a good idea on how to do things securely. One particular good post he has is about PCI compliance. If your site is processing credit cards I would definitely read [...]






2009 © Temi Webmaster Blog All Right Reserved.