
PCI DSS User Group

The User Group is for merchants to come and share experiences with fellow professionals, and to learn from the different businesses and sectors that attend the meeting. We have regular presentations from the card schemes and acquiring banks.


Client Quote

"The help and support we received from ProCheckUp when trying to achieve PCI compliance has been above and beyond the call of duty; they helped us find an extremely cost-effective solution to a major problem. We have come to respect ProCheckUp and the individuals working for it; our QSA was exceptional."
Online Golf

Services

Find out more about ProCheckUp's services including: Penetration Testing, PCI QSA and PCI ASV


Events

PCI DSS User Group: date to be confirmed.

Find out more about the PCI DSS User Group and sign up for updates on our future events.


Blog

Read about the latest IT security trends and research.

PCI FAQ

Q- What is Payment Card Industry (PCI) Compliance?
Payment Card Industry (PCI) compliance means meeting a set of security standards created by the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) to protect customers from increasing identity theft and security breaches.

Q- Who needs to become compliant?
Any company that accepts, processes, transmits or stores credit card information needs to comply with the standards set by the Payment Card Industry.

Q- What are my requirements for PCI Compliance?
The requirements for becoming Payment Card Industry (PCI) Compliant are dependent upon the merchant or service provider level that a company falls under. Merchants are divided into four different levels based on the number of transactions per card brand they process throughout a year.

Q- How do I register compliance?
Once you have a passing PCI scan and have completed the annual Self-Assessment Questionnaire, you should submit the information to your acquiring bank. Your merchant bank will then report back to the Payment Card Industry that your company is PCI compliant.

Q- What happens if I am not compliant?
Failure to comply with the Payment Card Industry security standards may result in heavy fines, restrictions or permanent expulsion from card acceptance programs.

Level 1 Criteria
Merchants with over 6 million transactions a year on any one card
Merchants whose data has been compromised

Level 1 Requirements
Annual on-site security audit, quarterly network security scan and manual penetration test

Level 2 Criteria
Merchants with 150,000 to 6 million transactions a year on any one card

Level 2 Requirements
Annual Self Assessment Questionnaire
Quarterly Scan by an Approved PCI Scanning Vendor

Level 3 Criteria
Merchants with 20,000 to 150,000 transactions a year

Level 3 Requirements
Quarterly Scan by an Approved PCI Scanning Vendor
Annual Self Assessment Questionnaire

Level 4 Criteria
Merchants with less than 20,000 transactions

Level 4 Requirements
Not required to report compliance, but must maintain compliance.

Q- What kind of scans need to be performed?
Vulnerability assessment scans must be performed by a Payment Card Industry Approved Scanning Vendor (ASV). The scan is performed over all externally facing IP addresses that touch the credit card acceptance, transmission and storage process. Scan reports must be submitted to the merchant bank on a quarterly basis. ProCheckUp is an ASV and can carry out all scans needed to become PCI compliant.

Q- How long does it take to be PCI compliant?
Becoming compliant can take as little as one day or can take years. Time frames depend on the level of the merchant and the logistics involved.

What is ASV/QSA/SAQ?

An ASV is a Payment Card Industry Approved Scanning Vendor, which scans the merchant's externally facing payment card network. The ASV then produces a report that is submitted to the acquiring bank as proof of compliance.

QSA stands for Qualified Security Assessor: an experienced security consultant who can conduct the on-site data security assessment for PCI DSS compliance. QSAs are required to recertify every year by attending PCI training and passing the exam.

The SAQ is the Self-Assessment Questionnaire that level 3 and level 4 merchants are required to complete in order to register compliance.

https://www.pcisecuritystandards.org/

What is PA DSS? Do you do PA DSS?

PA-DSS is the program managed by the PCI Security Standards Council that was formerly under the supervision of the Visa Inc. program known as Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data.

Do you provide proof of compliance & can we use it as a marketing tool?

ProCheckUp will provide you with a report to be submitted to your acquiring bank as proof of compliance with the scanning requirements of PCI DSS. In addition, we will provide you with a certificate that can be used for marketing purposes and to reassure customers.