June 16 2010

Why PCI Compliance is so Important to Your Credit Card Processing


The most important reason that the Payment Card Industry Data Security Standards are in place is to keep customers and businesses from being exposed to identity theft, and to discourage computer “hackers” from breaking into your business systems or your bank accounts.  In this context a hacker is someone who performs a network intrusion, that is, an unauthorized access to a computer network environment or payment system, in order to illegally obtain cardholder data.

Here is another definition: a “data compromise” is a deliberate attack on communications or information processing systems that exposes cardholder account information to third parties and places cardholders at risk of fraudulent use.  Such an attack can be initiated by a disgruntled employee, a malicious competitor, or a misguided hacker.  Attacks often result in damage or disruption to the entire payment system.  Protect your cardholder customers as well as you can, just as you would want to be protected if you were your own customer.

It is a requirement that merchants protect credit card processing data.  To do this, companies are adopting a common set of industry security requirements referred to as the Payment Card Industry (PCI) standards.  One way this is being accomplished is through partnerships with security companies that can provide the data security and the mandatory industry controls around the protection of data throughout the payment transaction process.

There are twelve requirements that need to be met.  They range from installing a firewall to protect your network, encrypting all transmissions of cardholder data across open public networks, and keeping antivirus software up to date, to assigning a unique ID to each person with computer access, maintaining an Information Security Policy, and regularly testing security systems and processes.

The PCI Security Council, an independent body responsible for the development and ongoing evolution of security standards for account data protection, has developed the “Prioritized Approach”, which provides guidance for non-compliant merchants striving to achieve compliance.  This is a powerful and useful statement: it lets you as a merchant know that there is help available to get your business where it needs to be.  It is in place for the protection of your customers.

The size of your business and the number of transactions it processes each year determine which requirement or assessment you will be responsible for, whether that is a quarterly scan or an onsite assessment.  Virus scanning is important and beneficial because you want your environment sealed off from individuals trying to break through your network.  The quicker you are able to catch someone, the quicker you are able to shut them out.  Your goal is to safeguard your customers’ cardholder data, and by performing the scans continuously you are also meeting the requirements for ongoing Payment Card Industry compliance.

To learn more about becoming PCI compliant for your online merchant account, check out http://www.stradafee.com!  Make your credit card processing safe and secure for your clients.

March 30 2010

PCI Compliance Deadline – July 1, 2010


PCI (payment card industry) compliance will be mandatory, and the deadline for all merchants and processors to be PCI compliant is July 1, 2010.  PCI compliance is required if you are receiving, storing or processing the Primary Account Number (PAN), the main credit card number of the customer, which is usually no longer than 19 and no less than 16 digits in length.  In addition, a merchant or acquirer must remember that if a PAN is being stored or processed, the other information such as the CVV/CVC and cardholder details must be protected as well.
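One practical consequence of the paragraph above is that a merchant must make sure the PAN does not end up in places it was never meant to be stored, such as application logs or support tickets.  The following Python example, added here and not part of the original post, detects PAN-like digit runs using only the 16-to-19 digit length rule stated above and masks them before a line is written out.  The masking policy (keep only the last four digits), the handling of space or hyphen separators, and the constructed sample log lines are assumptions of this example, not rules quoted from the post.

```python
"""Detect and mask PAN-like digit strings before a line is logged or stored.

Added example, not from the original post.  The 16-19 digit length rule comes
from the post; the masking policy and separator handling are assumptions.
"""
import re

# A PAN candidate: 16 to 19 digits, optionally separated by single spaces or
# hyphens (assumed common formatting), and not part of a longer digit run.
PAN_CANDIDATE = re.compile(r'(?<!\d)(?:\d[ -]?){15,18}\d(?!\d)')

# Constructed sample log lines; the card numbers are well-known test values.
SAMPLE_LOG = [
    "2010-06-16 10:01:02 order=88213 pan=4111111111111111 amount=19.99",
    "2010-06-16 10:01:03 order=88214 card 5500 0000 0000 0004 approved",
    "2010-06-16 10:01:04 order=88215 ref=1234567890123 amount=5.00",
]


def is_pan_candidate(token: str) -> bool:
    """True if the token is 16-19 digits once separators are removed."""
    digits = re.sub(r'[ -]', '', token)
    return digits.isdigit() and 16 <= len(digits) <= 19


def mask_pan(token: str) -> str:
    """Replace every digit except the last four with '*', keeping separators
    in place so the masked value still lines up with the original layout."""
    total_digits = sum(c.isdigit() for c in token)
    seen = 0
    out = []
    for c in token:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total_digits - 4 else '*')
        else:
            out.append(c)
    return ''.join(out)


def scrub_line(line: str) -> tuple:
    """Return (masked_line, number_of_pan_candidates_found)."""
    count = 0

    def replace(match):
        nonlocal count
        count += 1
        return mask_pan(match.group(0))

    return PAN_CANDIDATE.sub(replace, line), count


def contains_pan(text: str) -> bool:
    """Gate for storage: refuse to persist a value that carries a PAN."""
    return PAN_CANDIDATE.search(text) is not None


def scrub_log(lines) -> list:
    """Mask every line; use this in front of the log writer, not after."""
    return [scrub_line(line)[0] for line in lines]


if __name__ == "__main__":
    for line in scrub_log(SAMPLE_LOG):
        print(line)
```

The check deliberately over-matches rather than under-matches: a 16-digit run that happens not to be a card number is masked too, which costs nothing, while a missed PAN in a log file is exactly the stored cardholder data the post says must be protected.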

A common misconception is that PCI compliance is a law; it is not a law yet.  It is a security standard set by the five major credit card companies: Visa, MC, Amex, Discover and JCB.  The official name for the group is the PCI Security Standards Council.  Prior to the council’s formation, each credit card company had its own set of security standards; now that the five credit card companies have united to form the PCI SSC, there is one set of security standards instead of five.

There are 4 different merchant levels along with requirements for PCI DSS Compliance:

Level 1 – a merchant that processes over 6,000,000 transactions per year.  The merchant will be required to bring an on-site assessor, called a QSA, to evaluate the security and create an in-depth Report On Compliance.  Quarterly PCI scans will also be mandatory.

Level 2 – a merchant that processes between 1,000,000 and 6,000,000 transactions per year.  Instead of a full Report On Compliance, the PCI Council will allow Level 2 merchants to complete a PCI Self-Assessment Questionnaire (SAQ).  Quarterly PCI scans are mandatory.  Level 2 merchants will also need to complete a one-page document stating that they do not keep certain card data on file.

Level 3 – a merchant that processes between 20,000 and 1,000,000 transactions per year.  In place of a full Report On Compliance, the PCI Council will allow Level 3 merchants to complete a Self-Assessment Questionnaire (SAQ).  Quarterly PCI scans are also required.

Level 4 – a merchant that processes between 1 and 20,000 transactions per year.  Instead of a full Report On Compliance, the PCI Council will allow Level 4 merchants to complete a Self-Assessment Questionnaire (SAQ).  Quarterly PCI scans are mandatory.

If you are a merchant who does not understand what PCI compliance means for you, check with your merchant service provider or website programmer so they can guide you through what you will need to do to become PCI compliant before July 1st.