PCI Compliance

The Payment Card Industry Data Security Standards (PCI-DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International to facilitate industry-wide adoption of consistent data security measures on a global basis.

What does this mean to me and my business?

All entities, merchants and service providers that store, process, or transmit cardholder data must meet PCI-DSS requirements. Requirements for certification vary depending on the number of transactions an entity processes, and the manner in which they are processed.

What am I required to do to become PCI Compliant?

The minimum requirement for a level 4 merchant is to complete a PCI-DSS Self-Assessment Questionnaire (SAQ) on an annual basis and achieve a passing score. If you electronically store cardholder information or if your processing systems have any internet connectivity, a quarterly network vulnerability scan by an approved scanning vendor is also required.

How long is the PCI compliance certification valid?

The length a PCI compliance certificate is valid depends on whether your business requires a questionnaire or scan. If your business only requires the annual questionnaire, PCI Certification is valid for one year. If your business requires quarterly scans, PCI Certification is valid for three months at which time your next quarterly scan will be due. If you change the manner in which you store, process or transmit cardholder data, you may increase the vulnerability of your business and must contact TrustWave or third party QSA/ASV for recertification.