Tuesday, March 1, 2016

PCI – Answering Your Questions

What is PCI?
PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that all companies that process, store and/or transmit credit card information maintain a secure environment.  The independent body that maintains the standard was established in 2006 to focus on improving security throughout the transaction process.

Does PCI apply to your business?
PCI applies to anyone who has a merchant ID (MID).  In other words, PCI applies to any and all merchants/businesses that accept, transmit or store any cardholder data.

What are the PCI compliance levels?
Each merchant will fall into one of four merchant levels based on its Visa transaction volume over a 12-month period.
Level 1: Any merchant – regardless of acceptance channel – processing over $6 million Visa transactions per year.  Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 2: Any merchant – regardless of acceptance channel – processing $1 – $6 million Visa transactions per year.
Level 3: Any merchant processing $20,000 - $1 million Visa e-commerce transactions per year.
Level 4: Any merchant processing fewer than $20,000 Visa e-commerce transactions per year and all other merchants – regardless of acceptance channel – processing up to $1 million Visa transactions per year.
** Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

What does a Level 4 merchant have to do in order to satisfy the PCI requirements?
A merchant must complete the Self-Assessment Questionnaire (SAQ) according to the instructions it contains.  Once you have completed it, make sure you obtain evidence of a passing result and share it with your acquirer.

Do businesses using third-party processors or gateways have to be PCI compliant?
Yes, as stated above, any business that stores, processes or transmits payment cardholder data must be PCI compliant.  Using a third-party company may reduce the risk of exposure and consequently reduce the effort needed to validate compliance.  Apex Payment Solutions, with the help of First Data, ensures that all of our customers are PCI compliant each year.

If I need more information on the PCI Data Security Standard, where can I find it?
You can find all the current PCI DSS documents on the PCI Security Standards Council website.


If you have any specific questions regarding your PCI compliance, contact your Apex Payment Solutions representative today!
