PCI DSS

Make your infrastructure PCI Compliant 

What does PCI Compliance mean?

PCI Compliance requires adherence to the technical standards that businesses should follow to secure and protect credit card data.

What are the 4 levels of PCI Compliance?

1. Level 1: merchants that process over 6 million card transactions annually.
2. Level 2: merchants that process 1 to 6 million transactions annually.
3. Level 3: merchants that process 20,000 to 1 million transactions annually.
4. Level 4: merchants that process fewer than 20,000 transactions annually.

What is PCI Self-Assessment?

A PCI Self-Assessment Questionnaire (PCI SAQ) is a merchant's self-attestation of PCI compliance. Each SAQ includes a list of security requirements that businesses must follow.

To whom does the PCI DSS apply?

The PCI DSS is applicable to any company, no matter the size or volume of transactions, that receives, transmits, or maintains any cardholder data.

Do PCI DSS Requirements apply to Bluetooth technology?

Yes. PCI DSS requirements apply wherever payment card account data is stored, processed, or transmitted. For example, PCI DSS Requirement 4 states that strong cryptography and security protocols must be used to safeguard sensitive cardholder data during transmission over open, public networks. Bluetooth technology is included in the Requirement 4 guidance as an example of an available, public network, and cardholder data sent over Bluetooth must therefore be protected in accordance with this requirement. If a Bluetooth implementation cannot support strong cryptography, compensating controls will need to be implemented to prevent unauthorized parties from accessing Bluetooth transmissions to capture cardholder data.

What effect does UnionPay's inclusion in PCI DSS documents have on a company's PCI DSS assessment?

Whether the inclusion of UnionPay in PCI DSS documents affects a company's PCI DSS assessment is a matter considered by the Participating Payment Brands. Each Participating Payment Brand currently has its own PCI compliance program for the protection of its affiliated payment card account data. Companies should always get in touch with their acquirer or the payment providers directly to learn about their compliance reporting requirements, including any possible effects on a PCI DSS assessment.

How do I get in touch with the card companies?

UnionPay has been included in the PCI DSS v3.2.1 documents as a Participating Payment Brand. It is also mentioned in both the PCI DSS v3.2.1 and v4.0 documents.

Benefits of PCI Compliance

At first, following the PCI Security Standards sounds like a difficult task. For lots of companies, let alone smaller businesses, the confusion of requirements and difficulties feels like a lot to handle. But if you have the correct tools, compliance may not be as difficult as you think, and it is becoming more essential. The PCI SSC believes that compliance has several benefits, especially considering the possible severity and duration of the consequences of failure.

For example:

  • PCI Compliance means that your systems are secure, and your customers can trust you with their sensitive payment card information. Trust leads to customer confidence and repeat customers.
  • Your standing with acquirers and payment companies will improve because of PCI Compliance, making them the ideal business partners.
  • PCI Compliance is an ongoing process that aids in preventing security breaches and payment card data theft in the present and in the future. PCI compliance means you provide an international payment card data security solution.
  • As you try to meet PCI Compliance, you become more ready to comply with other laws like SOX, HIPAA, and others.
  • Compliance helps with business security plans (even if only as a starting point).
  • It’s likely that PCI Compliance will improve the efficiency of IT infrastructure.
