PCI Compliance
PCI Compliance


PCI – Payment Card Industry
PCI regulations are created and maintained by Major Card Brands
Non-Compliance Fines
$5,000 to $100,000 monthly penalties
Infringement Consequences per cardholder exposed
Legal actions against your company
Federal Audits by Federal Trade Commission
Major Revenue Loss during audits
What are the PCI Compliance levels and how are they determined?
Level 1
This is for big box stores and major corporations that process more than 6 million transactions per year.
Level 2
This is for medium to large size businesses who process between 1 million to 6 million transactions annually any sales channel.
Level 3
Most small, medium businesses fall in this category where they process between 20,000 to 1 million transactions annually.
Level 4
Typically a small business that handles less than 20,000 e-commerce transactions per year, or merchants that process up to one million transactions through all channels (card present, card not present, e-commerce).
How to Become Compliant
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Platform
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain information Security Policy
Quarterly Scans of your network
Quarterly SAQ Completion
$100k Breach Insurance Policy
$250 Charge Back Protection
Managed compliant firewall
Do not jeopardize your business by taking unnecessary risks.
Secure your network against breaches and hacks
Quarterly scans as per PCI standards
Quarterly SAQ completion
Yearly AoC to keep your behind covered when something does go wrong
FAQ
What are my responsiblities as a merchant?
It is your responsibility to create & maintain a secure environment where the credit card data is not breached.
We provide the firewalls, switches, segregate the network, run quarterly scans, provide you with SAQ and AoC yearly.
You will have to ensure your staff is trained and certified to look out for suspicious activity, ensure you do not use default passwords, do not write card numbers, and discard them securely to name a few of your responsibilities
How often do I need to check my network?
You do not need to, we will scan the network automatically every 3 months. If everything passes, you will receive your SAQ questionnaire to answer and you are done.
If there are any issues, our staff will work with you to resolve them before retesting the network.
How do I know if I am compliant?
How do I manage the Guest WiFi?
Guest WiFi is one of the easiest ways for someone to breach into your network. You must take measures to ensure your Guest WiFi is segregated from all other traffic with no access to credit card data.
With our standard PCI Compliance deployment, your Guest WiFi is physically segregated from all other network traffic
Am I PCI compliant and secured if I use the ISP equipment?
No, using the ISP equipment is perhaps the worse decision you can make. Using the default equipment, you will expose yourself and your business to unnecessary risks.
The ISP is providing you the required equipment to get you online but not to keep your network secured and PCI Compliant