PCI-DSS

DOES YOUR ORGANIZATION HANDLE CARDHOLDER DATA?

FIND OUT WHAT YOUR ORGANIZATION HAS TO DO TO COMPLY WITH PCI DSS SECURITY REGULATIONS!

The PCI Security Standards Council is an international organization that established the Payment Card Industry standards for securing cardholder data around the world.

The requirements vary depending on the level of organization. Click here to figure out which level you are and get an idea of what you’ll need to do to comply.

SPEAK WITH A PCI-DSS EXPERT

Why Choose Abacode as Your MSSP?

Goals PCI DSS Requirements
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs

6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security for employees and contractors

4 Levels of PCI

Level 1

Merchants that handle:

  • 6 million+ Visa, Mastercard, or Discover transactions per year
  • 2.5 million+ American Express transactions per year
  • handle 1 million+ JCB transactions per year

Merchants that have suffered a data breach or cyberattack resulting in compromised cardholder data or that have been identified by a card issuer as Level 1

REQUIREMENTS

  • Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 2

Merchants that handle:

  • 1 – 6 million Visa, Mastercard, or Discover transactions per year
  • 50,000 to 2.5 million American Express transactions per year
  • less than 1 million JCB transactions per year

 

REQUIREMENTS

  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 3

Merchants that handle:

  • 20,000 – 1 million Visa e-commerce transactions per year
  • 20,000+ Mastercard e-commerce transactions per year, and up to to 1 million total Mastercard transactions per year
  • 20,000 – 1 million Discover card-not-present transactions per year
  • less than 50,000 American Express transactions

REQUIREMENTS

  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 4

Merchants that handle:

  • less than 20,000 Visa or Mastercard e-commerce transactions per year
  • up to 1 million Visa or Mastercard transactions per year

REQUIREMENTS

  • Established by the merchant’s acquiring bank
  • Usually include an SAQ and Quarterly Network Scan by an ASV

Why Abacode?

As certified cybersecurity & compliance experts (CISSP, CIA, CISA, CEH, PMP, etc.), PCI DSS readiness is one of our focuses. Abacode continuously prepares organizations for their 3rd Party PCI DSS audits throughout the year and help them maintain compliance moving forward.

Abacode’s compliance portal helps streamline continuous compliance and security control effectiveness tracking for organizations before, during, and after audits.

Connect with us today to learn more about the PCI DSS readiness process and the cost of implementing a PCI DSS program.

Scroll to top