Is your business prepared to comply with the PCI DSS standard?
Since the rules on secure card payments over the Internet came into force, it is becoming increasingly common to find customers who need a specialised service to pass a PCI DSS audit.
But what is the PCI DSS standard? And above all, are you prepared to conform to it?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of rules and standards that enable your customers to make online card payments securely, preventing fraud or security breaches.
What is the benefit for your customers and your business?
- Trust and confidence in online shopping
- Protection against fraudulent activities
- Guaranteed security in the handling of card data
- Increasing your online reputation
- Avoiding costs associated with security breaches
Who must comply with the PCI DSS?
Any business that accepts card payments must conform to PCI DSS, although different levels of security are applied depending on the volume of transactions and the way their information is processed.
Which level applies to your company?
Level 1
A business placed in Security Level 1 fits the following parameters:
- It has suffered an attack in which its customers' card data has been compromised.
- It exceeds a certain amount of annual transactions as a provider:
- More than 6 million VISA, MASTER or DISCOVER transactions
- More than 2.5 million AMEX transactions
- Over 1 million JCB transactions
If this is your case, you will be required to submit to an annual audit by a Qualified Security Assessor (QSA), who prepares a Report of Compliance (ROC) and sends it to all card providers with whom you work. This audit assesses how well your business conforms to the standard by performing various security checks.
Level 2
Businesses at this level process the following number of transactions per year:
- Between 1 and 6 million VISA, MASTER or DISCOVER transactions
- Between 50k and 2.5 million AMEX transactions
- Less than 1 million JCB transactions
If you meet this annual transaction volume, you are not required to conduct an audit, but instead must complete a Self-Assessment Questionnaire (SAQ).
Level 3
This level is designed specifically for e-commerce transactions, although not all card providers contemplate it. A business is placed in Level 3 when it processes the following number of annual transactions:
- Between 20 K and 1 million e-commerce VISA, MASTER or DISCOVER transactions.
- Less than 50 K AMEX transactions
This level is the least restrictive of all. The only requirement is completing the SAQ, although it is advisable to perform a quarterly network scan to ensure that no change has put your security at risk.
Now that you know which level applies to your company, ask yourself:
What can Innovation Strategies do for me?
Together with a QSA, we support you in analysing your sales systems to design an action plan with the steps needed to achieve a PCI DSS compliant system.
We are a company specialising in IT, and we focus on three key points:
- Software: We analyse the critical aspects of your software, such as the payment gateway and the areas of your intranet where card data may appear. We review your logging scripts to ensure that no sensitive card-related information is recorded.
- Database: We analyse the different databases in your system to find any possible critical points.
- Hardware: We offer the best structure for your business.
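The log review mentioned under Software can be automated with a simple scanner. The following is an added example, not code from Innovation Strategies or from this article: it looks for 13 to 19 digit sequences in constructed sample log lines, keeps only those that pass the Luhn check (so timestamps and order ids are ignored), and masks each hit to the first six and last four digits. The log format, the regular expression and the sample lines are assumptions for the example.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
# Constructed pattern for this example; tune it for your own log formats.
PAN_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(line: str) -> list[str]:
    """Return the digit-only form of every Luhn-valid card number in a log line."""
    found = []
    for m in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask_line(line: str) -> str:
    """Replace each Luhn-valid PAN with first six + last four digits (PCI DSS truncation)."""
    def _mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
        return m.group(0)
    return PAN_CANDIDATE.sub(_mask, line)


# Constructed sample log lines; the card numbers are public test numbers, not real accounts.
SAMPLE_LOG = [
    '2024-03-01 10:15:02 INFO checkout ok order=8812 card=4111 1111 1111 1111 amount=19.99',
    '2024-03-01 10:15:07 DEBUG gateway request {"pan":"5555555555554444","cvv":"123"}',
    '2024-03-01 10:16:44 INFO session id=1234567890123456 user=alice',   # not Luhn-valid
    '2024-03-01 10:17:01 INFO order=8813 token=tok_9f3a paid=true',
]


def scan_log(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (line_number, pans) for every line that records a card number."""
    hits = []
    for n, raw in enumerate(lines, 1):
        pans = find_pans(raw)
        if pans:
            hits.append((n, pans))
    return hits


if __name__ == "__main__":
    for n, pans in scan_log(SAMPLE_LOG):
        print(f"line {n}: {len(pans)} PAN(s) found -> {mask_line(SAMPLE_LOG[n - 1])}")
```

Line 2 also shows a CVV being logged next to the PAN; a scanner like this flags the line, and the fix is to stop the gateway debug logging from writing the request body at all.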