What is PCI compliance ?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to protect your customers’ payment card information. As a matter of fact, it’s the security your customer is looking for. In scope cards include any debit, credit and pre-paid cards branded with one of the five card association (isa International, MasterCard, American Express, Discover Card, and JCB)
To whom does PCI apply?
PCI compliance is required for all merchants that store, transmit, or process payment card information regardless of size or number of transactions that accepts, transmit or store any cardholder data. Another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.
What are the PCI compliance ‘levels’ and how are they determined?
All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Transaction volume is based on the aggregate number of Visa transactions (inclusive of credit, debit and prepaid) from a merchant Doing Business As (‘DBA’). In cases where a merchant corporation has more than one DBA, Visa acquirers must consider the aggregate volume of transactions stored, processed or transmitted by the corporate entity to determine the validation level. If data is not aggregated, such that the corporate entity does not store, process or transmit cardholder data on behalf of multiple DBAs, acquirers will continue to consider the DBA’s individual transaction volume to determine the validation level.
Merchant levels as defined by Visa:
| Merchant Level | Description |
| 1 | Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. |
| 2 | Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year. |
| 3 | Any merchant processing 20,000 to 1M Visa e-commerce transactions per year. |
| 4 | Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year. |
* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.
What are the PCI compliance deadlines?
All merchant that stores, processes or transmits cardholder data must be compliant now. However, as a Level 4 merchant, you will have to refer to your merchant bank for their specific validation requirements and deadlines. All deadline enforcement will come from your merchant bank.
Can I deal with PCI compliance on my own?
Businesses that want total control of their online payment process can choose to meet the requirements themselves. These measures include implementing quarterly scans and audits, passing security assessments, building and maintaining a secure network, and other controls.
PAYMUNDO 