So, you either transmit, store, or process credit cardholder data for your business. You already know that means you need to be compliant with the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS).
However, based on the number of transactions your company processes per year, there are specific levels of PCI compliance that need to be met. As a first step towards compliance, it’s important to know where your company falls on that spectrum, and how that changes the way you meet those requirements.
There are four levels of PCI compliance (these are mandated by Visa and Mastercard):
Also keep in mind that if you have a breach, the card issuer can change the compliance level you are required to meet. For example, you may only process 20,000 transactions in a year, which would put you at compliance level 3, but after a data breach Visa can determine that you now need to meet level 1 requirements.
What’s the difference between these levels? If your company is large enough to need level 1 compliance, you must get an independent approved scanning vendor (ASV) to come and audit your systems and processes. If you fall into any of the lower levels, you won’t have to get an independent auditor, and can instead complete a PCI DSS Self-Assessment Questionnaire annually.
There are many different Self-Assessment Questionnaires (SAQs) available as well, so you want to make sure you’re using the right one for your business:
With this and the PCI DSS in hand, you’ve got the information you need to start working on those standards.
Want a little more information on PCI compliance? Download our PCI Compliant Hosting white paper, and we can give you a complete resource for outsourced PCI hosting.
Internet Retailer Conference & Exhibition (IRCE) 2013
Online Tech is exhibiting PCI hosting solutions at the IRCE 2013 conference in Chicago from June 4-7 at McCormick Place West, booth #108!
Known as the world’s largest e-commerce event, the IRCE conference draws 9,500 e-retailing executives from more than 40 countries. The extensive agenda includes 220 speakers, 120 sessions and 6 workshops covering e-retail topics.
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.