Self-assessing Your Pci Compliance

Date Added: September 17, 2008 09:00:58 AM
Author: Phil Williams
Category: eCommerce
Author: Vijayanand


No matter how large or small your business is, if you accept credit, debit or prepaid cards from American Express, Discover, MasterCard and/or Visa, you must meet the PCI Data Security Standard (PCI DSS). Its requirements are preventive controls intended to protect cardholders from breaches of card data that could lead to fraud and identity theft. If you fail to meet these standards, which are a contractual obligation under your merchant agreement, you can be fined and/or sanctioned by the card brand and/or your acquiring bank.

What you must do to prove PCI compliance depends on the number of card transactions a merchant handles per year. Merchants are placed in levels 1 to 4 according to transaction volume, and each payment brand and acquiring bank applies its own criteria when assigning a level. In general, however, merchants processing over 6 million transactions a year, or who have suffered a previous breach, are required to undergo an annual on-site assessment of their PCI compliance. This assessment is performed by a Qualified Security Assessor (QSA). In addition, an external network vulnerability scan must be performed quarterly by an Approved Scanning Vendor (ASV).

Merchants with a lower transaction volume may be eligible to validate using the PCI Self-Assessment Questionnaire (SAQ) instead. The questionnaire is essentially a checklist of the controls required under the 12 PCI DSS requirements. To complete it, you work through each question under every requirement and answer "Yes", "No" or "N/A" (answering "N/A" requires you to explain why the control does not apply to your environment). A single "No" answer makes you non-compliant: to validate compliance, every applicable requirement must be met, or covered by a documented compensating control. Note that there are several versions of the questionnaire, and the one you must complete depends on how you handle card data; for example, an e-merchant that fully outsources card processing to a validated third party and never stores, processes or transmits card data on its own systems answers a much shorter questionnaire than one that stores card data.

The other part of the self-assessment validation process is PCI Scan Compliancy. Level 2, 3 and 4 merchants must also have their Internet-facing systems scanned by an ASV. The scan identifies vulnerabilities that an attacker could reach from the outside, such as missing patches, weak encryption settings or insecure services on the systems handling card data. Findings from the scan will usually correspond to "No" answers on your questionnaire (for instance under Requirement 6, keeping systems patched, or Requirement 11, regular security testing), so the two should be reconciled against each other. Bear in mind, however, that the scan only tests what is reachable from the Internet; it cannot validate internal controls such as access control, logging or policy, which only the questionnaire covers. The ASV performing your scan can provide recommendations for resolving any findings so that you can obtain a passing scan and complete your questionnaire truthfully. The completed questionnaire and a passing ASV scan report are then submitted to your acquiring bank for validation. The acquirer may request additional documentation.

How often you must validate PCI compliance depends on your transaction volume and on the requirements of your payment brands and acquiring bank. As a rule, the self-assessment questionnaire is completed annually, while the ASV network scan must be repeated quarterly and after any significant change to your network. Merchants judged to be higher risk are usually validated more frequently.

HackerGuardian from Comodo provides PCI Scan Compliancy services for merchants of all sizes, with services available both for businesses with multiple IP addresses and for those with a single IP address. HackerGuardian also offers a free PCI scan. Its free Painless PCI program walks e-merchants through the process of becoming PCI compliant. Designed specifically for level 3 and 4 merchants, who are sometimes overlooked by PCI solutions, the Painless PCI program makes it easier for e-merchants to navigate the sometimes confusing self-assessment questionnaire, and supplies a list of recommendations for resolving any compliance issues it finds.

About the Author:

Vijayanand works as an online marketing coordinator in the ID Theft team at Comodo, a leading internet security provider, which offers real-time identity theft prevention and identity fraud restoration services, among others.

