PCI Security Standards Council
Credit cards

If you accept payment with credit cards, or transmit or store any cardholder data, then the Payment Card Industry Data Security Standard (PCI DSS) applies to you. PCI DSS is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI DSS requirements apply to any credit, debit or pre-paid card transaction, whether it’s online, via phone or in person. So PCI DSS compliance applies to almost every merchant doing business.

For small and medium-size businesses, PCI DSS compliance can be confusing and expensive to implement. Worse yet, PCI DSS requirements often appear subjective in their enforcement and interpretation.

So, why bother?

Failure to comply can lead to stiff penalties from the major credit card companies, including American Express, Discover, JCB, MasterCard and Visa International. Even if you haven’t been breached, noncompliant organizations can face substantial fines and even have their payment card privileges revoked. The results can be devastating, irredeemably destroying your credibility, customer loyalty, and ultimately, your business.

Which merchant level am I?

Level 4
• Qualification: You’re a small business processing less than 20,000 eCommerce transactions and less than 1 million other transactions each year.
• Requirements: You need to complete an annual risk assessment using the appropriate PCI Self-Assessment Questionnaire (SAQ). Quarterly PCI scans, administered by an Approved Scanning Vendor (ASV), may also be required.

Level 3
• Qualification: You’re a midsize company processing 20,000 to 1 million transactions annually.
• Requirements: An annual risk assessment using the appropriate SAQ. Quarterly PCI scans, administered by an approved scanning vendor, may also be required.

Level 2
• Qualification: You’re a mid- to large-size company processing between 1 and 6 million transactions annually.
• Requirements: An annual risk assessment using the appropriate SAQ. Quarterly PCI scans, administered by an approved scanning vendor, may also be required.

Level 1
• Qualification: You’re a major or very large organization processing 6 million transactions or more per year.
• Requirements: An annual internal audit conducted by a qualified PCI auditor. Quarterly PCI scans, administered by an approved scanning vendor, may also be required.


38North consultants have assessed organizations from numerous industries against all PCI DSS compliance requirements, and routinely conduct a variety of internal and external vulnerability assessments to identify security weaknesses.

Our PCI DSS services include:

PCI DSS Gap Analysis: This is perfect for organizations new to PCI DSS that don’t know where to begin. Our PCI DSS gap analysis educates you on the process while examining your information security and privacy programs to see how they stack up against PCI DSS requirements. We also determine the cost to attain PCI DSS compliance, identify any risks and/or challenges and help you focus on the most critical action items.

PCI DSS Self-Assessment: The Self-Assessment Questionnaire (SAQ) is a required PCI DSS deliverable that may be undertaken internally, depending on your comfort level and experience. If you need it, we can complete this assessment for you using the appropriate SAQ for your business, including the Attestation of Compliance.

PCI DSS Remediation Support: Once you have an unbiased view of your compliance posture, you need to plan, develop and implement remedial measures. This may be in the form of new technologies, policies, plans and procedures or training.


Contact us to learn how 38North can help you achieve and maintain PCI DSS compliance.