Services

PCI Compliance

We help explain your obligations for PCI Compliance.

Navigating the contractual and legal requirements for accepting credit cards in your business can be complicated. Danso Consulting has a team of compliance experts who know the standards published by the Payment Card Industry Security Standards Council (PCI SSC) and how the card brands apply them.

Following PCI DSS requirements is not only necessary to ensure your continued agreements with payment providers, but is also crucial to protecting your customers’ payment information, and in turn, your organisation’s reputation.

We can answer any questions you have about PCI compliance and help ensure that your organisation meets the validation requirements for its PCI DSS merchant level.

Have a question about PCI DSS compliance?

Our team is highly knowledgeable and would be happy to help.

What level of PCI compliance do you need to follow?

Depending on the size of your organisation and the number of card transactions you process each year, you are required to follow a different level of PCI compliance. Level 1 is the highest and Level 4 the lowest.

Each level has its own validation and security requirements.

Level 1

More than 6 million transactions processed per year

Requires organisation to:

  • Complete an annual Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
  • Complete quarterly network scans by an Approved Scanning Vendor (ASV)
  • Complete the Attestation of Compliance (AOC) form

Level 2

1 million to 6 million transactions processed per year

Requires organisation to:

  • Complete an Annual Self-Assessment Questionnaire (SAQ)
  • Complete a quarterly network scan by an ASV
  • Complete the Attestation of Compliance (AOC) form

Level 3

20,000 to 1 million e-commerce transactions processed per year

Requires organisation to:

  • Complete an Annual SAQ
  • Complete a quarterly network scan by an ASV
  • Complete the Attestation of Compliance (AOC) form

Level 4

Up to 1 million transactions processed per year, of which no more than 20,000 are e-commerce transactions

Requires organisation to:

  • Complete an Annual SAQ
  • Complete a quarterly network scan by an ASV
  • Complete the Attestation of Compliance (AOC) form

Why receive PCI consulting?

With requirements that change regularly, PCI DSS can seem a difficult standard to keep meeting. Meeting it, however, is essential.

If your organisation suffers a data breach while it is not meeting PCI DSS, the payment processors can hold you responsible for the damages, and you can face hefty fines and fees as well as severe public reputational damage.

Additionally, if an audit finds that your organisation is not meeting PCI DSS, you may lose the ability to accept credit cards entirely, severely disrupting your business.

For these reasons and more, it is crucial that you follow PCI DSS. Danso Consulting can answer your commonly asked questions and develop a personalised plan to ensure your organisation validates compliance properly each year. Contact us to get started.

The Fundamental Requirements of PCI DSS

Are you meeting all of these?

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
  • Use and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

All Your Commonly-Asked Questions, Answered

Questions we are asked most often include:

  • Are we considered a merchant, card processor, or issuer?
  • Which level of compliance are we required to meet based on our annual card transaction volume?
  • Which Self-Assessment Questionnaire (SAQ) type should we file: A, A-EP, B, B-IP, C, C-VT or D?
  • If a required control is too costly or burdensome, are there alternatives, such as compensating controls, that we can consider?
  • Are we collecting the proper evidence that sufficient controls are in place and operating effectively?
  • Can we store any of the full track (magnetic stripe) data?
  • What happens if we complete the certification but still have a breach?

With years of experience in helping clients meet PCI compliance, Danso Consulting's consultants are equipped to answer all of your frequently asked questions about PCI compliance. Contact us for more information.

Interested in our PCI compliance services?

Please complete this form for more information.