{"id":194,"date":"2006-10-25T12:04:55","date_gmt":"2006-10-25T19:04:55","guid":{"rendered":"http:\/\/www.merchantaccountblog.com\/archives\/194"},"modified":"2009-01-06T11:51:40","modified_gmt":"2009-01-06T16:51:40","slug":"required-actions-for-pci-compliance","status":"publish","type":"post","link":"https:\/\/www.merchantequip.com\/merchant-account-blog\/194\/required-actions-for-pci-compliance","title":{"rendered":"Required Actions for PCI Compliance"},"content":{"rendered":"

If you accept credit card online, this chart is for you. This chart is a simple breakdown of the PCI data compliance levels and requirements. If you accept transactions online, you fall into one of these levels. This chart explains what the requirements are to be in a specific category, and what a merchant must do to remain compliant. <\/p>\n

The yearly cost for a level 2, 3 or 4 merchant is around $150, while the yearly cost for a level 1 merchant is more than $30,000. Because of this, it is extremely important not to ever have a data compromise. I personally recommend not storing any sensitive data online, at all, and if it is stored offline, access should be highly restricted and the data should be encrypted. Track data should never be stored anywhere, under any circumstance.<\/p>\n

If you have a data compromise and card holder data is stolen, you should expect upwards of $100,000 in fines, arbitration fees, and regulations in addition to the additional cost of level 1 PCI certification.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Level 1<\/b><\/td>\nDefinition:<\/b><\/td>\n\n
    \n
  • Over 6 million annual Visa or MasterCard Transactions<\/li>\n
  • Any merchant suffered a hack or attack that resulted in a data compromise<\/li>\n
  • Any merchant that card associations, at their discretion, determine should meet requirements<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
Requirement:<\/b><\/td>\n\n
Deadline:<\/b><\/td>\n\n
    \n
  • September 30, 2004 (1 year for new Level 1 merchants)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
Level 2<\/b><\/td>\nDefinition:<\/b><\/td>\n\n
    \n
  • Visa: 1M – 6M annual transactions<\/li>\n
  • MC: 150K – 6M annual transactions<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
Requirement:<\/b><\/td>\n\n
    \n
  • Self assessment questionnaire and Quarterly vulnerability scan by approved scanning vendor<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
Deadline:<\/b><\/td>\n\n
    \n
  • June 30, 2005 (Sep 30, 2007 for new Level 2 Visa merchants)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
Level 3<\/b><\/td>\nDefinition:<\/b><\/td>\n\n
    \n
  • Visa: 20K – 1M annual transactions<\/li>\n
  • MC: 20K – 150K annual transactions<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
Requirement:<\/b><\/td>\n\n
    \n
  • Self assessment questionnaire and Quarterly vulnerability scan by approved scanning vendor<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
Deadline:<\/b><\/td>\n\n
    \n
  • June 30, 2005<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
Level 4<\/b><\/td>\nDefinition:<\/b><\/td>\n\n
    \n
  • Less than 20K ecommerce or 1M total Visa and MC transactions<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
Requirement:<\/b><\/td>\n\n
    \n
  • Self assessment questionaire and Quarterly vulnerability scan by approved scanning vendor<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
Deadline:<\/b><\/td>\n\n
    \n
  • Dates determined by merchant’s acquirer<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n<\/table>\n

Related Posts:<\/strong>
\nScan Alert PCI \/ CISP<\/a>
\nA Guide to Small Business Security, Free PDF Download\u00e2\u20ac\u00a6<\/a>
\nCISP, SDP, PCI Compliance required for every business\u00e2\u20ac\u00a6<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

If you accept credit card online, this chart is for you. This chart is a simple breakdown of the PCI data compliance levels and requirements. If you accept transactions online, you fall into one of these levels. This chart explains what the requirements are to be in a specific category, and what a merchant must […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,8,1],"tags":[],"class_list":["post-194","post","type-post","status-publish","format-standard","hentry","category-ecommerce","category-fraud","category-merchantaccounts"],"_links":{"self":[{"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/posts\/194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/comments?post=194"}],"version-history":[{"count":1,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/posts\/194\/revisions"}],"predecessor-version":[{"id":503,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/posts\/194\/revisions\/503"}],"wp:attachment":[{"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/media?parent=194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/categories?post=194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.merchantequip.com\/merchant-account-blog\/wp-json\/wp\/v2\/tags?post=194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}