PCI Compliance Needed Or Not?

  • PCI Compliance Needed Or Not?

    Hello Team,

    Can anybody please tell me if PCI Compliance is something very important that I have to consider if I am planning to run a couple of e-commerce websites, wherein some of those sites will have very heavy transactions and some of them will have very few transactions? Thanks -Jennysha

  • #2
    Hello Jennysha,

    I'd say explaining PCI DSS is a very simple thing. PCI (Payment Card Industry) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI also has different levels of passing. Essentially, for any merchant that has a Merchant ID (MID).

    Thanks and Regards,
    EdwardS

    • #3
      Hello Edward,

      Thank you for helping me understand the concept of PCI and how it works. However, you mentioned the levels of PCI, about which again I have no idea! It would be much appreciated if you could help me with some more details on the levels of PCI Compliance.

      Thank you -Jennysha

      • #4
        Originally posted by Jennysha
        Hello Edward,

        Thank you for helping me understand the concept of PCI and how it works. However, you mentioned the levels of PCI, about which again I have no idea! It would be much appreciated if you could help me with some more details on the levels of PCI Compliance.

        Thank you -Jennysha

        Hi Jennysha, I hope that this post turns out to be helpful for you to understand the levels of PCI-DSS (Payment Card Industry Data Security System). There are basically 4 levels of PCI Compliance, from 1.0 to 4.0.

        Now, under the PCI-DSS [Payment Card Industry Data Security Standards], the compliance reporting requirements of a merchant differ depending upon their Merchant Level. Merchant Levels are determined by the number of payments specific to each card brand you process in a 12-month reporting period. Depending upon your level, you may be required to validate and report your PCI-DSS Compliance to your acquirer. The chart below provides an overview of each reporting level.

        Regards,
        Rowan

        • #5
          Hello Jennysha,

          As Rowan has already mentioned all the levels of PCI-DSS and their validation, I would also like to contribute more on the same levels by adding some more information based on the level criteria and requirements:

          Level 1:
          * Criteria: Over 6 million Visa or MasterCard transactions in a 12-month period
          * Requirement: Onsite Assessment and Report on Compliance (ROC) performed by QSA or ISA; quarterly network scans by ASV

          Level 2:
          * Criteria: Between 1 and 6 million Visa or MasterCard transactions in a 12-month period
          * Requirement: Onsite Assessment and either a ROC or Self-Assessment Questionnaire (SAQ) completed by QSA or ISA; quarterly network scans by ASV

          Level 3:
          * Criteria: Between 20,000 and 1 million Visa or MasterCard e-commerce transactions in a 12-month period
          * Requirement: Self-Assessment Questionnaire (SAQ); quarterly network scans

          Level 4:
          * Criteria: Less than 20,000 e-commerce or less than 1 million transactions with one card brand in a 12-month period
          * Requirement: Self-Assessment Questionnaire (SAQ); quarterly network scan; submission to acquirer not mandatory

          You can simply initiate a live chat if instant help is needed.

          Thanks and Regards,
          EdwardS

          • #6
            Originally posted by Edward_Stone
            Hello Jennysha,

            As Rowan has already mentioned all the levels of PCI-DSS and their validation, I would also like to contribute more on the same levels by adding some more information based on the level criteria and requirements:

            Level 1:
            * Criteria: Over 6 million Visa or MasterCard transactions in a 12-month period
            * Requirement: Onsite Assessment and Report on Compliance (ROC) performed by QSA or ISA; quarterly network scans by ASV

            Level 2:
            * Criteria: Between 1 and 6 million Visa or MasterCard transactions in a 12-month period
            * Requirement: Onsite Assessment and either a ROC or Self-Assessment Questionnaire (SAQ) completed by QSA or ISA; quarterly network scans by ASV

            Level 3:
            * Criteria: Between 20,000 and 1 million Visa or MasterCard e-commerce transactions in a 12-month period
            * Requirement: Self-Assessment Questionnaire (SAQ); quarterly network scans

            Level 4:
            * Criteria: Less than 20,000 e-commerce or less than 1 million transactions with one card brand in a 12-month period
            * Requirement: Self-Assessment Questionnaire (SAQ); quarterly network scan; submission to acquirer not mandatory

            You can simply initiate a live chat if instant help is needed.

            Thanks and Regards,
            EdwardS

            Very well explained by Edward, this is something new to me.
