Are you a small or medium sized business looking for additional information about PCI Compliance?
On our website, PCICompliance.com, you will find useful information on how you can become PCI Compliant.
We also provide cyber security consulting to help you protect your data from hackers.
If you want to check out our latest webinar: Click here
The main services of PCICompliance.com:
- PCI Compliance consulting
- Cyber security
- Consulting and training such as
  - PCI compliance solutions
  - Cybersecurity training
Our cyber security services are especially interesting for small and medium sized businesses who want to become PCI compliant in the USA or abroad.
If you want to read the main FAQs related to PCI compliance: click here
Does your business need to become PCI Compliant?
Our PCI Compliance experts are ready to help you protect your business by becoming PCI Compliant.
If you would like to know more about our services click here
PCICompliance.com® is dedicated to helping you become PCI compliant and to protect your assets from hackers. Our clients such as hotels or restaurants want to become PCI compliant.
Our PCI compliance experts will assist you rapidly in order to solve your issues.
Our cyber security experts are highly trained and will help you become PCI Compliant as fast as possible.
If you want to find out more about us, just click here
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with the objective of increasing security throughout the transaction process. The PCI DSS is managed by the PCI SSC, an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).
Additional information about PCI Compliance
To whom does PCI DSS apply?
You can find the latest PCI Data Security Standard (PCI DSS) on the PCI Security Standards Council website.
What are the PCI compliance ‘levels’ and how are they determined?
Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (‘DBA’).
In cases where a merchant corporation has more than one DBA, Visa acquirers must consider the aggregate volume of transactions stored, processed or transmitted by the corporate entity to determine the validation level.
If data is not aggregated, such that the corporate entity does not store, process or transmit cardholder data on behalf of multiple DBAs, acquirers will continue to consider the DBA’s individual transaction volume to determine the validation level.
Merchant levels as defined by Visa:
Level 1 : Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 2 : Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year.
Level 3 : Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
Level 4 : Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year.
* Any merchant that has suffered a breach that resulted in an account data compromise may be escalated to a higher validation level.
Where can I find the PCI Data Security Standards (PCI DSS)?
What are the PCI compliance deadlines?
However, as a Level 4 merchant, you will have to refer to your merchant bank for their specific validation requirements and deadlines.
All deadline enforcement will come from your merchant bank. You may also find more information on Visa’s Website:
I’m a small merchant and I only do a few credit card transactions; do I need to be compliant with PCI DSS?
The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data.
If I only accept credit cards over the phone, do I need to be PCI Compliant?
Does my organization have to be PCI compliant if we only use third-party processors?
It may reduce the scope and therefore reduce the effort to validate compliance.
Nevertheless, your organization still needs to be PCI compliant.
My business operates in different locations, do I need to be PCI Compliant for each location?
Also, if applicable, you will need to submit quarterly passing network scans by a PCI SSC Approved Scanning Vendor (ASV).
Are debit card transactions in scope for PCI Compliance?
If I have an SSL certificate, am I PCI DSS compliant?
What are the penalties for noncompliance?
The banks will very likely pass this fine on to the merchant. It is also likely that the bank will either terminate your relationship or increase transaction fees. Penalties are not widely publicized, but they can be catastrophic to a small business. We therefore encourage you to read your merchant account agreement, which should outline your exposure.
What is considered ‘cardholder data’?
What is the definition of ‘merchant’?
What constitutes a payment application?
A payment application is anything that stores, processes, or transmits cardholder data. This means that anything from a Point of Sale System (e.g., Verifone swipe terminals, ALOHA terminals, etc.) in a restaurant to a Website e-commerce shopping cart (e.g., CreLoaded, osCommerce, etc.) is classified as a payment application.
What is a payment gateway?
What constitutes a Service Provider?
How is an IP-based POS environment defined?
What is PA-DSS and PABP?
1. New PCI Level 4 merchants (including new locations of existing relationships) may not use vulnerable payment application versions – those that store prohibited cardholder data. January 1, 2008
2. New PCI Level 4 merchants using third-party payment software must be either PCI DSS-compliant or use PA-DSS validated compliant payment applications. October 1, 2008
3. ALL PCI Level 4 merchants (new and existing) using third-party software must use validated applications. July 1, 2010
Can the full credit card number be printed on the consumer’s receipt?
Also, PCI DSS does not override any other laws that legislate what can be printed on receipts (such as the U.S. Fair and Accurate Credit Transactions Act (FACTA) or any other applicable laws). See the italicized note under PCI DSS requirement 3.3: “Note: This requirement does not apply to employees and other parties with a specific need to see the full PAN, nor does the requirement supersede stricter requirements in place for displays of cardholder data (for example, for point of sale (POS) receipts).” Any paper receipts stored by merchants must adhere to the PCI DSS, especially requirement 9 regarding physical security. Source: PCI SSC
Do I need vulnerability scanning to validate compliance?
What is a network security scan?
How often do I have to scan?
What if a merchant refuses to become PCI compliant?
However, if a breach occurs, merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, costly forensic audits, brand damage, etc.
The consequences of a security breach can be catastrophic for a small or medium sized business. The cost of becoming PCI compliant and protecting cardholder data is therefore, in our opinion, well worth it.