PCI-DSS compliance can be a technical and logistical challenge for individuals and organizations alike. Our solutions take the guesswork out of compliance and make it easy for you to become PCI compliant.
The Payment Card Industry Data Security Standard (PCI DSS) is an industry requirement for securing cardholder data worldwide. Established by the Payment Card Industry Security Standards Council (PCI SSC)—which consists of American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.—the PCI DSS must be followed if an organization wishes to process, store, or transmit the cardholder data of their customers issued by these card brands.
The people, processes, and technology within your organization that interact with or are exposed to payment card information are subject to the PCI DSS. To ensure your organization is PCI compliant, you’ll need to adhere to the 12 requirements, including more than 300 security checks, within the PCI DSS.
REQUIREMENTS
To achieve PCI compliance, organizations need to follow 12 requirements laid out in the PCI DSS. These PCI compliance requirements fall under six overarching categories that provide an overview of the security controls necessary for PCI compliance.
HOW WE HELP
Contact the professionals at NordLayer for consultation on what solutions are best for your organization. We’ll help you determine what you need to do next to be in compliance with PCI-DSS.
OUR INSIGHTS
Achieve regulatory compliance with NordLayer
ADDITIONAL INFO
To become PCI compliant, you will first need to determine which self-assessment questionnaire (SAQ) applies to you. Depending on your SAQ, you will need to implement a set of requirements and controls as outlined in the PCI Data Security Standard.
SecurityMetrics assists small to large businesses in identifying and implementing their PCI requirements.
SAQ stands for self-assessment questionnaire. Depending on an organization’s card transaction volume and the types of transactions it performs, it may be able to use an SAQ to self-evaluate its compliance with the PCI Data Security Standard.
SAQs contain questions about card data security. SAQs range in size from 22 questions (SAQ A) to 329 questions (SAQ D).
There are five risks you face with PCI DSS non-compliance and policy violation:
Monetary fines. Non-compliance can lead to fines from payment processors. Fines range from $10 per month to $1,000 per month or more.
Forensic audits. An organization must provide compliance documents to a forensic examiner during a data breach. In the event an organization has no compliance documentation, the examiner is also required to perform an assessment of the entity controls to determine compliance status in addition to the forensic exam of the data breach.
Payment brand restrictions. Payment brands can place restrictions on non-compliant merchants, including preventing them from accepting card payments. Brands may also completely terminate service if an organization does not achieve compliance.
Brand reputation. A data breach will significantly jeopardize brand reputation and customer loyalty. Organizations will be subject to public scrutiny and may lose customer loyalty due to poor credit card information control.
Reactive compliance. Expanding into new technologies without considering compliance often requires re-engineering or new equipment to become compliant.
There are four PCI compliance levels, which are determined by the number of transactions the organization handles each year.
Level 1: Merchants that process over 6 million card transactions annually.
Level 2: Merchants that process 1 to 6 million transactions annually.
Level 3: Merchants that process 20,000 to 1 million transactions annually.
Level 4: Merchants that process fewer than 20,000 transactions annually.