How PCI Compliance Works

Compliance with the Payment Card Industry (PCI) data security standard is required of all merchants that store, process, or transmit cardholder data. A "merchant" is defined as any entity accepting payment via any form of payment card. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. The PCI standard is endorsed by all credit card brands within their respective programs, including Visa (CISP and AIS programs), MasterCard (SDP), American Express, Discover Card and JCB.

The PCI Data Security Standard consists of twelve basic requirements and corresponding sub-requirements.

Certification of Compliance

Separate and distinct from the mandate to comply with the PCI Data Security Standard is the certification, or validation, of compliance whereby entities verify and demonstrate their compliance status. It is a fundamental and critical function that identifies and corrects vulnerabilities, and protects customers by ensuring that appropriate levels of cardholder information security are maintained.

McAfee's interactive PCI Wizard walks you through each step of the certification process, including identifying what needs to be scanned, preparing the required security policy documents, and completing the self-assessment questionnaire. Unlimited online and telephone support from our expert staff is also included.

Compliance validation requirements are based on the annual volume of transactions and on the potential risk and exposure that merchants and service providers introduce into the payment system.

Merchant levels, with the merchant definition (annual transaction level) and the compliance validation reporting requirements for each:

Level 1
  Merchant definition (annual transaction level):
  • Merchants with more than 6 million transactions a year
  • Merchants whose data has been compromised
  Compliance validation reporting requirements:
  • Pass quarterly scan by an authorized scanning vendor
  • Annual onsite audit by a Qualified Data Security Company

Level 2
  Merchant definition (annual transaction level):
  • Merchants with 150,000 to 6 million transactions a year
  Compliance validation reporting requirements:
  • Pass quarterly scan by an authorized scanning vendor
  • Annual self-assessment questionnaire completed by the merchant

Level 3
  Merchant definition (annual transaction level):
  • Merchants with 20,000 to 150,000 transactions a year
  Compliance validation reporting requirements:
  • Pass quarterly scan by an authorized scanning vendor
  • Annual self-assessment questionnaire completed by the merchant

Level 4 *
  Merchant definition (annual transaction level):
  • Merchants with fewer than 20,000 transactions a year
  Compliance validation reporting requirements:
  • Reporting of compliance to the acquiring bank is not required; however, compliance itself is required.

*Note: Reporting of compliance validation may be required by some banks for Level 4 merchants, and the requirements and fines are identical for Level 2, 3 and 4 merchants.

For more information on the PCI data security standard requirements see Visa's PCI Compliance Requirements or call us toll-free at 877-302-9965 for a free consultation with one of our PCI Compliance Specialists.