If your company processes, stores or transmits credit card information, then you need to be aware of the Payment Card Industry Data Security Standard (PCI DSS). This guide explains the four merchant compliance levels the card brands use, how a merchant is assigned to one, and what each level has to do to validate compliance.
Level 1: The highest level. The card brands assign it to merchants handling more than six million Visa or Mastercard transactions a year across all channels, and to any merchant that has suffered a breach or that a brand chooses to designate. One point is worth stating up front, because it is widely misunderstood: every level must meet the same 12 PCI DSS requirements. That includes strong cryptography for cardholder data sent over open, public networks (TLS 1.2 or later; SSL and early TLS are no longer accepted) and rendering stored primary account numbers (PANs) unreadable through strong encryption, truncation, tokenization or keyed hashing. What the level changes is how you prove it.
Level 1 validation means an annual on-site assessment by a Qualified Security Assessor (QSA), or by a certified Internal Security Assessor (ISA) where your acquirer allows it, producing a Report on Compliance (ROC) and an Attestation of Compliance (AOC), plus quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). The assessment and the scans are separate things done by separate parties: a QSA reviews your controls on site, an ASV scans your internet-facing systems every 90 days. A written information security policy and annual security awareness training for staff are PCI DSS requirements in their own right (Requirement 12), not Level 1 extras.
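The two encryption controls above (cardholder data in transit over public networks, and the PAN at rest) are the ones most merchants get wrong in code, so here is an added example, not from the original article, of what they look like in Python. It goes a little beyond the text: besides pinning TLS to 1.2 or later, it shows the PAN stored only as a masked string plus a keyed hash (HMAC-SHA256), and a log scrubber that masks any Luhn-valid card number before it is written, since unredacted logs pull the logging pipeline into PCI scope. The test PAN, the hash key and the log line are constructed sample data, and the key is a placeholder for one that would live in an HSM or KMS.

```python
"""
Two PCI DSS controls in code: TLS-only transport for cardholder data and
protection of the PAN at rest, on screen and in logs.
"""
import hashlib
import hmac
import re
import ssl

# Constructed test data, not real cards or keys. 4111... is the widely used Visa
# test number; HASH_KEY stands in for a key that would be held in an HSM or KMS.
TEST_PAN = "4111 1111 1111 1111"
HASH_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)
# Constructed log line of the kind an application must never write unredacted.
SAMPLE_LOG = "2024-03-01 12:00:01 checkout ok card=4111111111111111 order=12345 amount=19.99"


def pci_tls_context() -> ssl.SSLContext:
    """Client-side context for sending cardholder data over an open network.

    create_default_context() verifies the server certificate and hostname;
    raising the floor to TLS 1.2 refuses SSL and early TLS, which PCI DSS no
    longer accepts as strong cryptography.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def luhn_valid(digits: str) -> bool:
    """Mod-10 checksum every card number satisfies; separates PANs from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form PCI DSS permits: first six and last four digits, rest masked."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_reference(pan: str) -> str:
    """Keyed hash (HMAC-SHA256) of the PAN: lets records be matched by card without
    storing the PAN. The key must not live in the same database as the hashes."""
    return hmac.new(HASH_KEY, pan.encode(), hashlib.sha256).hexdigest()


def store_card(pan: str) -> dict:
    """Build the only card fields a record may keep at rest: masked PAN and keyed
    reference. Rejects malformed input so a non-PAN is never hashed and kept."""
    pan = re.sub(r"[ -]", "", pan)
    if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_valid(pan)):
        raise ValueError("not a valid PAN")
    return {"masked_pan": mask_pan(pan), "pan_ref": pan_reference(pan)}


# 13 to 19 digits, optionally separated by spaces or hyphens.
_PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def redact_pans(text: str) -> str:
    """Replace any Luhn-valid card number in a log line with its masked form.
    Digit runs that fail the Luhn check (timestamps, order ids) are left as they are."""
    def _mask(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)
    return _PAN_CANDIDATE.sub(_mask, text)


if __name__ == "__main__":
    print(store_card(TEST_PAN))
    print(redact_pans(SAMPLE_LOG))
    print(pci_tls_context().minimum_version)
```

Note what is deliberately absent: there is no function that returns the full PAN, because nothing outside the payment flow should be able to ask for it. If a business process genuinely needs the number back (refunds to card, recurring billing), that is the case for a tokenization service or a PCI-validated payment provider holding it, not for reversible encryption in your own database.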
Level 2: Merchants with one to six million transactions a year. The controls are identical to Level 1, including encryption of cardholder data in transit and at rest; only the validation is lighter: an annual Self-Assessment Questionnaire (SAQ) and AOC instead of a QSA on-site assessment, plus the same quarterly ASV scans. Mastercard additionally requires a Level 2 SAQ to be completed by ISA-certified staff, or a QSA on-site assessment in its place.
Level 3: Merchants with 20,000 to one million e-commerce transactions a year. Validation is an annual SAQ and AOC plus quarterly ASV scans. Which SAQ you fill in depends on how you accept cards, not on your level: a site that hands the entire payment page to a PCI-validated provider may qualify for the short SAQ A, while one that handles card data on its own servers completes the full SAQ D.
Level 4: The lowest level, for merchants with fewer than 20,000 e-commerce transactions a year, or up to one million transactions across all channels. There is no "to the extent possible" tier: Level 4 merchants are held to the same standard, including firewalls, anti-malware, patching, access control and the encryption requirements above. Validation is an annual SAQ and quarterly ASV scans where your acquiring bank requires them, and most acquirers do.
Level 4 validation is the lightest, but the controls are not, and the consequences of getting it wrong are the same: a breached merchant of any size can be reclassified to Level 1 and face fines, forensic investigation costs and a full QSA assessment. Take cardholder data protection seriously at every volume.
PCI DSS compliance is required by the major card brands, including Visa and Mastercard, and enforced through the contract with your acquiring bank. It also reaches beyond merchants: if you never take card payments yourself but store, process or transmit cardholder data on your clients' behalf, or can affect the security of their cardholder data (hosting, payment gateways, managed security, call centres), you are a service provider under the standard, with its own two levels: Level 1 for providers handling more than 300,000 transactions a year, validated by a QSA on-site assessment and ROC, and Level 2 below that, validated by SAQ D. Being validated does not make you immune to liability after a breach, but it is what your clients and their acquirers will ask to see before trusting you with card data, and non-compliance at a provider shifts fines and investigation costs onto it when a client's data is compromised.