What is PCI-DSS?
Payment Card Industry (PCI) Data Security Standard (DSS), or PCI-DSS, refers to the standards that must be followed by all merchants that store, process or transmit their customers' card data. The standards are intended to ensure a safe transactional environment.
To whom does it apply?
The PCI-DSS applies to all individuals and organizations, irrespective of their size, that handle and store their customers' card data. Transactions with the five card brands, namely American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, need to comply with the PCI-DSS.
If your business stores any of the data enumerated in the following diagram, you will have to give a proper business reason, with details, for storing it.
Decoding the requirements for Small and Medium-sized businesses for PCI-DSS Compliance
In order to be PCI-DSS compliant, a merchant must comply with the following steps:
- Understand which SAQ (Self-Assessment Questionnaire) your business should follow. The following image will help you choose the appropriate SAQ for your business:
- Fill in the SAQ according to the instructions provided.
- Obtain proof of passing a vulnerability scan performed by a PCI DSS Approved Scanning Vendor (ASV).
- Complete the required Attestation of Compliance (in the SAQ tool).
- Submit the SAQ, the proof of passing the scan and the required Attestation, along with any other documents asked for, to your acquirer.
For a complete guide to the chief takeaways of the 12 requirements, click here.
Enumerating the Penalties for Non-Compliance
Should you choose not to comply with the standards, the penalties your business may face can be far-reaching. If there is any violation of the PCI standards, the payment brands may fine the acquiring bank a sum of $5,000 to $100,000 per month, depending on the degree of the violation. The acquiring bank will most likely pass this on by increasing its transaction fees for your business, or terminate its relationship with you. Penalties are not listed specifically in the standard itself; instead, your merchant account agreement outlines the degree of your exposure in this regard.
Debunking 3 Misconceptions associated with the PCI-DSS
Myth 1: Comparatively few credit cards are taken, hence there is no requirement for compliance. The PCI-DSS states specifically that all merchants, irrespective of their size and transaction volume, have to comply with its standards. Even if you process a single transaction, you have to ensure that your business complies with the PCI-DSS.
Myth 2: PCI-DSS requires one to hire a Qualified Security Assessor. IT-based companies hire a QSA in order to use their specialized skills. However, the payment card brands give the option of running an internal assessment with a sign-off officer, subject to the agreement of your acquiring bank. The PCI SSC has provisions for the training of Internal Security Assessors (ISAs). Small and medium-sized businesses may be able to self-assess their compliance using the SAQ provided on the PCI-DSS website.
Myth 3: PCI-DSS is too difficult.
Decoding the 12 requirements of PCI-DSS may seem tiresome, especially for small and medium-sized merchants, and all the more so for those without an established IT department. There are many services that help you become PCI-DSS compliant. Be prepared to invest some money, as compliance does not come cheap; this will help you on the way to PCI-DSS certification.
How to Ensure Compliance?
With VComply on board, you can be PCI-DSS compliant. As per the regulations laid out in the PCI-DSS, your business needs to be able to run the appropriate checks, fill in SAQ forms and hire assessors to look into your business and its workings. All 12 requirements and the 4 merchant levels of compliance need to be comprehensively understood. With VComply's GRC (Governance, Risk and Compliance) offerings, you can secure compliance and work towards growing the business. We offer a 30-minute deployment time, CAL Repository, Intelligent Reminders, Compliance Calendar and an Assign and Track feature, among others. Click here to schedule a free demo. You may also opt to explore the Lifetime Free Basic version for an enhanced user experience.