Get paid for articles. Earn money for writing.

How to Satisfy PCI Requirements for a business

With financial crisis and new developments in the global economy both governments and financial institutions are now introducing new measures, instruments and safeguards to make the sector more compliant, responsible and transparent. The article below describes what news and regulations are suggested for the Payment Card Industry to be applied both to merchants using cards to collect payments, and card processors.

Related searches

PCI Compliance Guide Frequently Asked Questions

pcistuff: PCI Requirement 3

PCI Compliance Guide: A Five Step Guide for Gaining PCI

PCI Compliance made EASY - Trust Seals from Trust Guard - A

PCI Requirement 1.3.9 - Personal Firewall Question: Microsoft

Can tokenization of credit card numbers satisfy PCI requirements?

PCI DSS Compliance Reporting - Security Manager Plus

AirTight Launches New Low-Cost Wireless PCI Scanning Services

Payment Card Industry PCI Requirements | Free PCI information SAQ

Payment Card Industry Data Security Standard - Wikipedia, the

Make Yahoo! Your Homepage

Partner resources
free dating sites Singapore

All businesses, both the merchants and the processors must follow certain course of actions to meet the minimum requirements set by the council.

Payment Card Industry is serious in implementing the standards so that quality of service will be incomparable. Those companies who are guilty of taking the regulations for granted will be punished. Thus, several providers take extra effort in customizing their services to satisfy the council's requirements. In fact, since tough competition exists in the industry, others offer a no PCI fee to make the package more appealing. Above all that, both the merchants and the processors must see to it that conformity to guidelines is always observed by following these simple procedures:

Identifying validation Type

Since there are 5 validation types under Self Assessment Questionnaire, first thing to do is to identify which of the types your company belongs. Each type has different instructions and guidelines to follow, which is not applicable to any other type. Whatever is stipulated in the guidelines must be met to be attested as compliant. Below are the different validation types with their respective requirements:

Type 1 - Card not present

This type handles mail to telephone orders only. The company is not allowed to store or process data of any kind instead, must hire the services of a third party provider. Only manual record keeping and reporting is permitted and not electronic tracking.

Type 2 - Imprint machines

Under this type, a company may either be a card-present or a card-not-present merchant; however, its function is confined to the use of imprint machines only. Same as type 1, electronic data storage is prohibited.

Type 3 - Stand-alone, Dial out Terminals only

Basically the same guidelines as of type 2, but the only difference is the use of dial-out terminal connected via phone line to the card processor. Connection through Internet is a violation.

Type 4 - Merchants with POS system

The requirement under this validation types is payment application system connected through the Internet connection. Although the company can't electronically store cardholder's data, the purpose of Internet is to transmit sensitive info to the application vendor. Still, only paper reports and receipts are allowed.

Type 5 - All other Merchants and SAQ Eligible Service Providers

This is specially developed for those businesses that do not meet the criteria set for Types 1 - 4. Since some guidelines may not be applicable, non-applicability or exclusion of certain requirements are provided.

Completing the Self Assessment Questionnaire (SAQ)

Once you have identified your business type, completion of the SAQ must follow. This is sort of a checklist containing the security standards of the PCI. This serves as an evaluation to ensure that the business strictly conforms to the set standards.

Obtaining evidence of passing vulnerability scan

If your business is categorized as either type 4 or 5, you are required to provide evidence that you have passed the vulnerability scan from an approved scanning vendor. This is to ensure that transmission and storage of cardholder's data through Internet is guaranteed safe.

Completing Attestation of Compliance

This is a declaration that your company is fully-compliant to the PCI council requirements. Included under the form are the following: Qualified Security Assessor Company information, Merchant Organization information, PCI validation, and action for non-compliant status.

Submitting all compliance tools to acquirer

Upon completion of SAQ, evidence of passing scan, and Attestation of Compliance; you are required to submit them to your acquirer. Sometimes, other relevant documents may be requested together with the SAQ tools.

The compliance procedures may be extensive and obligatory; however, its purpose is to provide assurance for a safe transaction of clients.

With all the strict requirements of the council, it is understandable to be charged with a compliance fee.

----------------------------------------------------

However, if you want to avail of the services of a 'no PCI fee' merchant account provider, kindly go to this site: http://www.takecardstoday.com/no-pci-fee-merchant-account.html for more information.