What Is PCI & PCI Compliance?

02/07/2008

PCI is short for Payment Card Industry.

PCI Compliance refers to a set of standards created by the PCI to protect personal information and ensure security when transactions are processed using a payment card.

Everyone involved in the payment card industry must comply with these standards if they want to accept credit cards. This obviously includes the credit card companies and financial institutions, but also includes merchants.

Failure of merchants (e.g. online shops) to meet compliance standards can result in fines from credit card companies and banks, and even the loss of the ability to process credit cards. It can also increase your PCI category level (see below), which makes compliance in future more expensive and time consuming.

PCI Compliance Merchant Levels

The PCI have created different ‘merchant levels’ and the PCI compliance requirements are dependent on which level you are in. These are:

  • Level 1: Credit card or e-commerce transactions totalling 6 million or more per year. This level also includes anyone who has been caught with a data security breach.
  • Level 2: Credit card or e-commerce transaction levels between 1 million and 6 million.
  • Level 3: Credit card or e-commerce transaction levels between 20k and 1 million.
  • Level 4: Credit card or e-commerce transaction levels up to 20k. This includes all merchants processing 1 million transactions per year, regardless of what business you are in.

The PCI compliance validation requirements depend on level. All levels require a minimum of a quarterly network security scan by an approved scanning vendor.

These validation requirements which depend on merchant level are:

  • Level 1: An annual onsite review by an internal auditor or a Qualified Security Assessor.
  • Levels 2, 3 and 4: A yearly self-assessment questionnaire must be completed.

What Exactly Is PCI Compliance?

The PCI have created a PCI DSS (Payment Card Industry Data Security Standard).

The PCI DSS requires merchants who store, process or transmit cardholder data to:

  • Build and maintain a secure IT network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

These are often expressed as "twelve standards", but in reality there are a large number of clauses and sub-clauses. When carrying out the self-assessment checklist there are about 50 checks to be performed.

Cornish WebServices can implement eCommerce solutions and design eCommerce websites which meet PCI compliance requirements with the minimum of fuss for the client. Using a third party PSP (Payment Service Provider) helps with this, but checks are still required on the website, and the way in which the website communicates with the PSP needs to be secure. The early methods many eCommerce suppliers used (with JavaScript) are certainly no longer suitable. Integration with a PSP requires far more knowledge than simple HTML, but our expert team have created many online shops and have no difficulty in implementing them securely and safely for businesses and websites of all sizes. Call today on 0330 555 4680 to speak to one of our marketing or development team and discuss your online security and payment needs.
