Regulatory Compliance, Governance and Security:

discover

Apr 20 2009   1:03PM GMT

Payment Card Industry Data Security Standard | Learn about PCI DSS



Posted by: Charles Denyer
Payment Card Industry Data Security Standard, charles denyer, PCI DSS, visa, mastercard, american express, amex, discover, jcb, service providers, merchants, pci ssc, pci dss self assessment

The Payment Card Industry Data Security Standard, commonly known as PCI DSS, is a far-reaching compliance initiative put forth collaboratively by the major payment brands (VISA, MasterCard, American Express, Discover, and JCB). These compliance initiatives are overseen and guided by the Payment Card Industry Security Standards Council (PCI SSC).

Thus, if you need to become PCI DSS compliant, there are a number of valuable resources to look at. But first and foremost, you need to understand what Level you fall into for PCI DSS compliance. Merchants can be categorized anywhere from Level 1 to Level 4. Level 1 audits require an on-site PCI DSS assessment, while at the other Levels you can conduct a PCI DSS Self Assessment. These are general rules, however. Compelling business requirements may require some Level 2, 3, and 4 providers to have an on-site audit conducted. Also, the requirements tied to your transaction level vary between the major payment brands. Find out what your transaction level is, first and foremost.

Additionally, there are also requirements for service providers, so you will need to identify your transaction level as well.

Mar 23 2009   12:07PM GMT

PCI DSS Merchants Levels | Learn Your Requirements for PCI DSS Compliance



Posted by: Charles Denyer
charles denyer, jcb, american express, discover, visa, mastercard, pci dss merchant levels, qsa, pci ssc, self assessment questionnaire, qualified security assessor (QSA)

Regarding PCI DSS merchant levels, it is paramount that merchants properly identify the level they fall under for compliance with PCI DSS. Most merchants will be able to complete their own Payment Card Industry Data Security Standard (PCI DSS) Self-Assessment Questionnaire (SAQ). However, many will also be required to undergo an annual on-site assessment by a Qualified Security Assessor (QSA).

Again, this all depends on the merchant levels, and you have to understand that these PCI DSS merchant levels are different for each of the respective payment brands. So, let’s take a closer look at this.

Discover Card: They do not even use merchant level categories; rather, they use a risk-based approach for assigning PCI DSS requirements.

VISA: Visa uses Levels 1 to 4 for classifying merchant levels. Learn more about VISA Merchant requirements.

American Express, JCB, MasterCard: These major payment brand heavyweights also identify merchants from Levels 1 to 4, and again, this is based on transaction volume. Learn more about their PCI DSS merchant levels.