PCI DSS requirements are the requirements you must meet if you store, process or transmit cardholder data (credit and debit card numbers and related data). They do not apply only to payment gateways; any business that accepts payments by credit or debit card, and any service provider that handles that data on its behalf, is in scope.
In this article, you will learn what these requirements are and what it costs when you hire us to help you implement them.
Definition of terms related to PCI DSS requirements.
1. PCI = Payment Card Industry.
2. DSS = Data Security Standard.
From the above terminology it is clear what the standard is: the major payment card brands, acting together through the PCI Security Standards Council, have set a minimum baseline of security requirements that every organization handling payment card data must follow.
Do you handle payment cards? If yes, then you must follow these standards. Compliance is enforced through your contracts with the card brands and your acquiring bank rather than by statute, but the consequences of non-compliance are real: fines, higher transaction fees, liability for fraud losses after a breach, and in the worst case the loss of your ability to accept cards at all. In addition, customers who pay by card are increasingly aware of these requirements and are less likely to risk their cards on your website or app if you have not implemented them.
The two major ways of meeting the PCI - DSS requirements.
There are two ways a given PCI - DSS requirement can be satisfied.
a). Directly, by implementing the requirement as written.
b). Through a compensating control.
The direct way is self-explanatory: the company that stores and charges cards implements each PCI - DSS requirement exactly as the standard states it and demonstrates this to its assessor.
Alternatively, where a specific requirement cannot be met as written because of a legitimate technical or documented business constraint, a company can put an alternative mechanism in place that sufficiently mitigates the same risk. These are called compensating controls. A compensating control must meet the intent and rigor of the original requirement, must provide a similar level of defense, and must go above and beyond other PCI - DSS requirements that are already in place; it cannot simply reuse a control the company was obliged to have anyway.
However, compensating controls are the exception, not the rule, and they apply per requirement rather than to the standard as a whole. Each one must be documented on a Compensating Control Worksheet and validated by the assessor, typically a PCI QSA (Payment Card Industry Qualified Security Assessor), and the acquiring bank must accept the result.
The 12 PCI - DSS requirements that you must meet as an organization that handles cardholder data.
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update antivirus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.
Quick steps to be PCI - DSS compliant.
Step 1: Meet the above 12 requirements. - We charge this at $1,000 + any other logistic fee.
Step 2: Validate your compliance. How you validate depends on your transaction volume (your merchant level, which your acquiring bank assigns). Large merchants and service providers need an annual on-site assessment by a PCI - QSA; smaller merchants can usually complete a Self-Assessment Questionnaire (SAQ) instead, and most also need quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). Where a QSA is required, we help you get a certified and currently licensed PCI - QSA at a consultation fee of $350.
Step 3. The PCI - QSA completes a ROC (Report on Compliance) and the accompanying Attestation of Compliance (AOC). For an SAQ, the AOC is signed by the merchant itself.
Step 4. The ROC (or SAQ) and the AOC are submitted to your acquiring bank, which verifies compliance and reports it onward to the card brands as they require. We help you get and convince an acquiring bank at a negotiation fee of $350.
Step 5. The card brands may carry out their own review of what the acquirer reports before accepting your compliance status.
Step 6. Your compliance is then recorded. Note that the PCI Security Standards Council does not issue a "PCI - DSS certificate"; the signed AOC accepted by your acquirer is the document that evidences compliance, and it must be renewed every year. We help in preparing and submitting the AOC at $1,000.