What is PCI?
PCI stands for payment card industry. The payment card industry is a collective name for the credit, debit, ATM, prepaid, and point-of-sale card businesses.
What is PCI DSS?
PCI DSS stands for payment card industry data security standard. PCI DSS are the security protocols that certain credit card companies must adhere to so fraud can be prevented.
Not all credit companies adhere to the PCI DSS. The major card companies (Visa, American Express, MasterCard) do, however.
What’s the difference between PCI and PCI DSS?
PCI refers to the credit card industry, whereas PCI DSS refers to the security standards that are set forth. Many people simply leave DSS off the security protocols and call them PCI.
Who sets the PCI DSS?
The major credit card companies formed an organization called the Payment Card Industry Security Standards Council (PCI SSC) in 2006 to oversee and manage the PCI DSS.
Initially, the council operated as their own internal security. To set a standard to prevent fraud, the companies joined up.
What are the PCI DSS requirements?
- Create and maintain a safe and secure network. Install a firewall and reset any vendor-supplied passwords for security equipment.
- Keep cardholder data safe. Make sure this is done via encryption, especially when transmitting data over open networks.
- Have a vulnerability management system for your company. Install anti-virus software on all systems and create systems that ensure that security.
- Create restrictions on accessing card data. Make cardholder data available on a need-to-know basis by restricting physical access and assigning an ID to anyone with computer access.
- Test and monitor card networks. Make sure all systems are running successfully.
- Create and upkeep a policy on information security
I’m a small business. Do I have to follow the PCI DSS?
Yes. PCI DSS compliance falls into four levels depending on your business. The levels are based on the volume of Visa credit card transactions conducted by a single business over a one-year time frame.
- Merchant Level 1 — A business processes 6 million Visa transactions per year
- Merchant Level 2 — A business processes 1 million to 6 million Visa transactions per year
- Merchant Level 3 — A business processes 20,000 to 1 million Visa electronic transactions per year
- Merchant Level 4 — A business processes less than 20,000 Visa electronic transactions as well as up to 1 million Visa transactions per year
It sounds like being PCI DSS compliant is required.
It is not. Some private credit card companies do not require PCI DSS compliance. However, if you work with one of the major card companies, it is best to become compliant.
I operate a chain of restaurants. Do all my restaurants have to be PCI compliant or will one location be enough?
Each location must be PCI DSS compliant. The goal of PCI DSS is to keep credit cardholder information safe and secure. If you only have one location that is compliant, but many others that transmit data freely, then your entire business is non-compliant.
How do I get all this set up?
This may all sound daunting, but it can be very easy with the right kind of service. Authorized Credit Card Systems can help set up your business and make it PCI DSS compliant. If you want to process the major credit cards like Visa, Mastercard, or American Express, our company can help you do just that.
If you need to get compliant fast and live in the Austin area or beyond, contact us now for a free consultation. We can help get your business up to PCI compliance with ease.