
What is PCI DSS and Does It Apply To Me?

By Mindsec Staff 3 May, 2024

PCI DSS is short for Payment Card Industry Data Security Standard. It is a set of requirements intended to ensure that every business that stores, processes, or transmits cardholder data maintains a secure environment. Merchants, issuers, acquirers, processors, and the service providers that handle card data on their behalf all fall under the umbrella. Basically, if you accept debit or credit card payment for goods or services, whether online, over the phone, or in person, PCI DSS applies to you!


What are the PCI Compliance Requirements?

To become PCI DSS compliant, businesses must fulfill 12 specific requirements:

  • Installing and maintaining a firewall (network security controls) to protect cardholder data
  • Changing vendor-supplied default passwords and other security settings
  • Protecting stored cardholder data
  • Encrypting cardholder data in transit across open, public networks
  • Protecting systems against malware and keeping anti-virus software current
  • Developing and maintaining secure systems and applications
  • Restricting access to cardholder data to those with a business need to know
  • Identifying and authenticating access, with a unique ID for each person with computer access
  • Restricting physical access to cardholder data
  • Logging and monitoring all access to network resources and cardholder data
  • Regularly testing security systems and processes
  • Maintaining a security policy that addresses information security for all personnel

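The requirement that trips up the most teams in practice is protecting stored cardholder data, because the primary account number (PAN) tends to leak into places nobody meant to store it, such as application logs. Below is an added example, written for this page and not code from Mindsec or the PCI SSC, of the kind of check a practitioner runs against log output: it finds candidate PANs (13 to 19 digits, optionally separated by spaces or dashes), drops candidates that fail the Luhn check to avoid flagging order numbers and timestamps, and masks real hits to first six / last four, which is the display masking PCI DSS permits. The function names (`find_pans`, `redact`, `mask_pan`) and the sample log lines in `LOG` are my own constructed inputs; the card numbers are the well-known Visa and Mastercard test numbers, not real accounts.

```python
import re

# A PAN candidate: 13-19 digits, each optionally followed by a single space
# or dash, not preceded or followed by another digit. The lookarounds stop
# a 20-digit run (not a PAN) from being matched piecewise.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check (ISO/IEC 7812) on a string of ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(raw: str) -> str:
    return re.sub(r"[ -]", "", raw)


def mask_pan(digits: str) -> str:
    """Mask a PAN to first six / last four, the maximum PCI DSS allows on display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str):
    """Return (raw_match, normalized_digits) for every Luhn-valid PAN in text."""
    hits = []
    for m in _PAN_RE.finditer(text):
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append((m.group(0), digits))
    return hits


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in text with its masked form; leave other digit runs alone."""
    def _sub(m: re.Match) -> str:
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
        return m.group(0)
    return _PAN_RE.sub(_sub, text)


# Constructed sample log lines (hypothetical application log, not real data).
# Line 3 carries a 16-digit reference that is NOT a valid PAN and must survive.
LOG = """\
2024-05-03 12:04:11 order=8812 pan=4111 1111 1111 1111 amount=19.99
2024-05-03 12:04:12 order=8813 pan=5555555555554444 amount=5.00
2024-05-03 12:04:13 order=8814 ref=1234567890123456 amount=1.00
"""

if __name__ == "__main__":
    for raw, digits in find_pans(LOG):
        print(f"found {raw!r} -> {mask_pan(digits)}")
    print(redact(LOG))
```

Masking like this is only appropriate for display and for keeping PAN out of logs in the first place; data you genuinely must retain still has to be rendered unreadable at rest (truncation, strong one-way hashing, or encryption with properly managed keys), as the stored-data requirement spells out. The Luhn filter is what makes the scan usable on real logs, where 16-digit order and reference numbers are common.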
Each of these has its own set of sub-requirements and testing procedures, and each must be implemented and evidenced accordingly.


PCI DSS Compliance Levels

It is important that you correctly determine the level of PCI compliance your organization falls under so that you can meet all your relevant requirements, the scope of which differs depending on the level. There are 4 merchant compliance levels, determined by the volume of card transactions over a 12-month period. The exact thresholds are set by each card brand, and your acquirer assigns your level (and can raise it, for example after a breach). The commonly used thresholds are:

  • Level 4: fewer than 20,000 transactions a year
  • Level 3: 20,000 to 1 million transactions a year
  • Level 2: 1 million to 6 million transactions a year
  • Level 1: more than 6 million transactions a year

One key detail here is that Level 1 companies must have an annual on-site assessment by a Qualified Security Assessor (QSA), documented in a Report on Compliance (ROC), whereas companies in Levels 2-4 complete a Self-Assessment Questionnaire (SAQ). Depending on the SAQ type, quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) are usually required as well.

But there’s more to PCI compliance than simply avoiding penalties: PCI DSS compliance can be a business enabler. “Are you PCI compliant?” will be one of the first questions an enterprise client asks before engaging in business. One of the strongest benefits of PCI compliance is therefore access to large enterprise deals that require vendors to be PCI compliant.

Don’t interrupt the RFP or partnership process with delays because you aren’t yet PCI compliant. Use PCI compliance to prove trust throughout your sales cycle and assure your prospects that you take security seriously. Let Mindsec help you get started!

Mindsec Staff