XBS Blog

Merchant Services - Resources, Information, Education


PCI DSS


The Basics.

PCI DSS (Payment Card Industry Data Security Standards) is now at the forefront of the electronic payments industry. The proliferation of fraud and risk associated with credit card processing makes these standards, which secure cardholder data that is stored, processed or transmitted by merchants and processors, an absolute necessity.

PCI DSS is not an option, no matter what size merchant you are. While the standards are not law, they are being developed by the PCI Data Security Council, an entity founded by American Express, MasterCard, VISA, DISCOVER and JCB International. Merchants found not to be in compliance with these standards could end up paying hefty fines or, worse, lose the privilege of card processing.

PCI DSS differentiates compliance requirements based primarily on a merchant's annual number of card transactions. Most XBS merchants fall into the Level 4 category - see below:

  • Level 1 - Merchants from whom cardholder data has been compromised and/or merchants with more than 6 million transactions annually across all channels, including e-commerce.
  • Level 2 - Merchants with between 1 and 6 million credit card transactions annually.
  • Level 3 - Merchants with between 20,000 and 1 million credit card transactions annually.
  • Level 4 - ALL other merchants.

Compliance for each merchant level:

  • Level 1 - Annual onsite PCI data security assessment and quarterly network scans
  • Level 2 - Annual self-assessment and quarterly network scans
  • Level 3 - Annual self-assessment and quarterly network scans
  • Level 4 - Annual self-assessment and annual network scans

PCI DSS is built around a core group of principles, each with requirements for all merchants to follow. A number of these represent best practices for any business and may, hopefully, already be in place. They are:

Build and Maintain a Secure Network.

Requirement 1 - Install and maintain a firewall configuration to protect cardholder data.

Requirement 2 - Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data.

Requirement 3 - Protect stored cardholder data

Requirement 4 - Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program.

Requirement 5 - Use and regularly update anti-virus software.

Requirement 6 - Develop and maintain secure systems and applications

Implement Strong Access Control Measures.

Requirement 7 - Restrict access to cardholder data by business need to know.

Requirement 8 - Assign a unique ID to each person with computer access

Requirement 9 - Restrict physical access to cardholder data

Regularly Monitor and Test Networks.

Requirement 10 - Track and monitor all access to network resources and cardholder data

Requirement 11 - Regularly test security systems and processes.

Maintain an Information Security Policy.

Requirement 12 - Maintain a policy that addresses information security.
