For starters, you should get familiar with the PCI compliance standard that applies to you: the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS requirements are broken down into six different categories with different requirements:
1. Build and Maintain a Secure NetworkNetwork
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
2. Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
3. Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
4. Implement Strong Access Control MeasuresSecure-log-in-element-image
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
5. Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
6. Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
The next step is to figure out your PCI compliance level. Merchants fall under four categories of PCI compliance, depending on the number of transactions they process each year, and whether those transactions are performed from a brick and mortar location or over the Internet. Remember: all merchants that process credit cards—whether small or large—must be PCI compliant.
Now here is where PCI compliance for merchants can get a bit tricky: each payment card brand (Visa, MasterCard, etc.) has their own requirements for PCI compliance. You need to know the different PCI compliance deadlines and requirements for each payment card brand. To give you a general idea of what you need to do as a merchant, here are Visa's PCI requirements for merchants:
Level 1 Merchants
- Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA)
- Quarterly network scan by Approved Scan Vendor (ASV)
- Attestation of Compliance Form
Level 2 and 3 Merchants
- Annual Self-Assessment Questionnaire (SAQ)
- Quarterly network scan by ASV
- Attestation of Compliance Form
Level 4 merchants
- Annual SAQ recommended
- Quarterly network scan by ASV if applicable
- Compliance validation requirements set by acquirer
Any operational business model relies heavily on IT support and the help desk to achieve maximum uptime for all IT systems. This white paper addresses ways for help desk analysts and IT support staff to easily and efficiently handle their workload by simplifying and automating processes to increase time and operational cost savings, enhance productivity, and boost customer satisfaction. more