Support Center
About Us
Facebook-f X-twitter Linkedin-in

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD

Let's talk!
Top Cyber Threats Facing Manufacturers this Holiday Season | Right Hand Technology Group

PCI DSS designs a set of security standards to ensure that all companies accepting, processing, storing, or transmitting credit card information maintain a secure environment. The major payment card brands (Visa, MasterCard, American Express, Discover, and JCB) established the Payment Card Industry Security Standards Council (PCI SSC), an independent organization, to administer and manage this framework.

Who Must Comply?

The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

PCI DSS may be just a part of your business. We’ll help you determine your compliance scope, protecting you from risks, and saving you time and money. We make the process simple and easy for you!

PCI DSS COMPLIANCE LEVELS

Compliance is divided into four levels that are based on the annual number of credit or debit card transactions a business processes. The classification level determines what an organization needs to do to remain compliant:

Level 1

Merchants processing more than six million real-world credit or debit card transactions annually. An internal audit must be done yearly. Furthermore, every quarter, a PCI scan must be performed by an Approved Scanning Vendor (ASV).

Level 2

Merchants processing between one and six million real-world credit or debit card transactions annually. An assessment must be done yearly using a Self-Assessment Questionnaire (SAQ). A quarterly PCI scan may be required as well.

Level 3

Merchants process between 20,000 and one million e-commerce transactions annually. A yearly assessment using the relevant SAQ must be completed, and a quarterly PCI scan may be required.

Level 4

Merchants processing fewer than 20,000 e-commerce transactions annually, or those that process up to one million real-world transactions. A yearly assessment using the relevant SAQ must be completed, and a quarterly PCI scan may be required.

REQUIREMENTS FOR PCI DSS LEVELS

The PCI SSC has 12 requirements for handling cardholder data and maintaining a secure
network. Distributed between six broader goals, all are necessary for an organization to
become compliant:

1

Secure Network

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords.
2

SECURE CARDHOLDER DATA

  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across public networks.
3

VULNERABILITY MANAGEMENT

  • Use and regularly update anti-virus software or programs.
  • Develop and maintain secure systems and applications.
4

ACCESS CONTROL

  • Restrict access to cardholder data based on business need-to-know.
  • Assign a unique ID to every person with computer access.
  • Restrict physical access to cardholder data.
5

MONITORING & TESTING

  • Track and monitor access to network resources and cardholder data.
  • Regularly test security systems and processes.
6

INFORMATION SECURITY

  • Maintain a policy addressing information security for all personnel.

HOW WE HELP

We make every effort to understand your business–where you’re going and where you want to be. We protect your data, your customers, your reputation, and your bottom line. You’re safe in our hands.

1

We’ll help you determine where account data utilized, and which systems and networks are in scope for PCI DSS.

2

We’ll do a gap analysis to identify gaps and deficiencies in your PCI DSS alignments.

3

We formulate a roadmap that that outlines what steps need to be taken.

4

We’ll even represent you during the audit–and help you stay in compliance year after year.

We Can Help!

Right Hand Technology Group is CompTIA Security Trustmark+™ certified and has been ranked as one of the top Managed Service Providers in the world. Our experienced staff of Cybersecurity Professionals and Security Engineers have been working with various industries on cybersecurity for more than 20 years.