Sunday 23 September 2012

PCI Compliance Standards and Credit Card Processing

By Karen Carter


If you are a merchant, one of the questions you may find yourself asking is "What is PCI compliance?" First you must understand what PCI is. PCI is the acronym for Payment Card Industry, which in practice means the five companies best known for payment card processing: American Express, Discover, JCB (Japan Credit Bureau), Mastercard, and Visa. Their logos are recognized and accepted around the globe.

The PCI industry, made up of these five payment card brands (Visa, Mastercard, American Express, JCB, and Discover), has years of experience with online transactions. Between them, they have seen every type of malicious threat to their processing systems that has ever existed. The old joke has a bank robber, asked why he robs banks, answering, "because that is where the money is." In today's terms, people with malicious intent focus on payment processor sites for the same reason: that is where the money is.

By achieving PCI compliance you take advantage of those years of experience in defending online assets from intruders. A further benefit of PCI is that it gives you ideas for protecting your own intellectual property online: following the PCI DSS standard to the letter will suggest ways to protect your own business data. Your data may not be as attractive to most criminals as the "money" is, but it is still valuable, and you would not want to become a victim of modern online industrial espionage.

Now, how do you know which SAQ (Self-Assessment Questionnaire) to fill out? You need to find which merchant type best fits your company profile:

A: E-commerce, mail order or telephone order merchants that do not store cardholder data (CD). All cardholder data functions are outsourced. This does not include face-to-face merchants.

B: Merchants that do not store electronic cardholder data. This applies to merchants that use an imprint machine to copy cardholder information, and also to merchants using standalone, dial-out terminals.

C-VT: Web-based virtual terminal merchants that do not store electronic cardholder data.

C: Merchants that use a payment application system connected to the Internet and do not store electronic cardholder data. If a software vendor supplies the payment application system, the vendor must take security measures to ensure the application meets PCI compliance.

D: All other merchants not included in the above categories, including all service providers defined as eligible to complete a SAQ and approved by a payment brand.

They may also charge you higher fees. On the other hand, if you continue to process transactions through Visa and Mastercard while not PCI compliant, and avoid a PCI audit, you may face steep fees and penalties, especially in the event of a breach and compromise of cardholder information. Don't take PCI compliance lightly; it is really important.



