Jun 16 2009 11:40AM GMT
Posted by: Charles Denyer
PCI DSS compliance is becoming a requirement for many service providers involved in the processing, storage, transmission, and switching of transaction data and cardholder data.
In short, for purposes of Payment Card Industry Data Security Standards (PCI DSS) compliance, a service provider is any company that provides services to merchants or to other “service providers”, or any other entity that controls or could impact the security of cardholder data.
So, here are some common examples of service providers:
Transaction Processors
Payment Gateways
Customer Service Entities, such as Call Centers
Managed Service Providers
Web Hosting Providers
Data Centers
Independent Sales Organizations (ISOs)
You may also want to know that the major payment brands (VISA, MasterCard, AMEX, Discover Card, and JCB) use different “terms” for service providers:
AMEX: they are called a “Third Party Processor”
Discover: they are called a “Third Party Processor” and a “Payment Service Provider”
MasterCard: they are called a “Third Party Processor” and a “Data Storage Entity”
VISA: they can be called a “VisaNet Processor”, a term that covers everybody that connects to VISA.
Generally speaking (with a noted exception), all service providers will need an annual on-site review by a Qualified Security Assessor (QSA).
Apr 30 2009 2:51PM GMT
Posted by: Charles Denyer
The PCI DSS requirements for merchants, as stated by VISA, require merchants first and foremost to identify what “Level” of compliance applies to them. This simply requires your organization to determine the number of Visa transactions it processes per year; calculate or approximate this number to see which level you fall into.
Level 1: Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year, and any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Level 2: Any merchant, regardless of acceptance channel, processing 1,000,000 to 6,000,000 Visa transactions per year.
Level 3: Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
Level 4: Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1,000,000 Visa transactions per year.
Based on which Level you fall into, the requirements set forth by VISA are listed below.
Level 1: Annual onsite review by QSA (PCI DSS Assessment) and Quarterly Network Scan by ASV
Level 2: Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV
Level 3: Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV
Level 4: Annual Self Assessment Questionnaire and Quarterly Network Scan by ASV
To learn more about PCI DSS Requirements, visit pciassessment.org
Apr 12 2009 12:36PM GMT
Posted by: Charles Denyer
PCI merchant levels have been clearly defined by all the major payment brands (VISA, MasterCard, American Express, Discover Card, and JCB). What’s important to note is that you should also look at each payment brand’s respective Levels to truly understand where you fall.
The PCI merchant levels for American Express are defined as follows:
Level 1: Merchants processing over 2.5 million American Express Card transactions annually, or any merchant that American Express otherwise deems a Level 1.
Level 2: Merchants processing 50,000 to 2.5 million American Express transactions annually, or any merchant that American Express otherwise deems a Level 2.
Level 3: Merchants processing fewer than 50,000 American Express transactions annually.
The compliance requirements for these respective Levels are the following:
Level 1: Annual onsite review by QSA (PCI DSS Assessment) and Quarterly Network Scan by ASV.
Level 2: Quarterly Network Scan by ASV.
Level 3: Quarterly Network Scan by ASV.
To learn more about PCI Merchant Levels and the Payment Card Industry Data Security Standards (PCI DSS), visit pciassessment.org
Mar 26 2009 1:09AM GMT
Posted by: Charles Denyer
Credit card security compliance is more technically known as the Payment Card Industry Data Security Standards, or simply PCI DSS. PCI DSS is a framework established and agreed upon by the major payment brands (Visa, MasterCard, American Express, Discover Card, and JCB). The oversight, training and assessment guidelines for PCI DSS are handled by the Payment Card Industry Security Standards Council, known as the PCI SSC.
Payment card industry compliance is a very general and broad term, so you need to fully understand what your compliance needs are and how to go about meeting them. Most organizations requiring PCI DSS compliance are either merchants or service providers, and they have to comply based on the level they fall into for PCI DSS.
Added to this is the choice between conducting a PCI DSS self assessment and undertaking an actual on-site PCI DSS assessment by a Qualified Security Assessor, known as a PCI QSA. Get the facts about compliance and start making inroads sooner rather than later for all your credit card security compliance needs (again, more technically known as PCI DSS