
PCI Compliancy

what is PCI Compliancy?

PCI stands for Payment Card Industry. PCI compliance is a complex and ever-evolving topic that affects millions of online businesses, in particular ecommerce stores that process, store or transmit credit card data: in a nutshell, any merchant that has a Merchant ID (MID). The Payment Card Industry Security Standards Council (PCI SSC) was set up in September 2006; its main focus is to improve payment account security throughout the transaction process. The PCI SSC was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa. A list of the standards can be found on the PCI SSC’s website.

is PCI Compliance a law?

PCI compliance is currently not a law, but many banks now require merchants to be PCI compliant if they wish to sell products online; a couple of those banks are HSBC and Barclays. In addition, whilst there is no law, there is a big push by legislatures and industry trade associations to enact a law around data security and breach notification.

what are the deadlines for complying with PCI DSS?

For most merchants, the deadlines for validating compliance with the PCI DSS have already passed. As a merchant, you need to check with your acquirer and/or merchant bank to determine if there are any specific deadlines.

i am a small merchant who has a small number of transactions per month. Do I need to be PCI compliant?

Whether small or large, all merchants need to be PCI compliant.

what do I need to do to be PCI Compliant?

  1. You need to fill out the Self-Assessment Questionnaire.

  2. Execute a clean vulnerability scan with a PCI SSC Approved Scanning Vendor (ASV) and collect evidence of a passing scan from the ASV. This vulnerability scan is to be completed on a quarterly basis.

  3. Complete the relevant Attestation of Compliance in its entirety.

  4. Submit the self-assessment questionnaire (SAQ), evidence of a passing scan, and the Attestation of Compliance, along with any other requested documentation.

how can Advansys help?

  • Advansys can execute the initial vulnerability scan on your ecommerce solution. Advansys works in partnership with McAfee to achieve this.

  • Once the initial vulnerability scan has been completed, Advansys will manage any vulnerabilities that it has found and promptly fix them.

  • Once all vulnerabilities have been fixed Advansys will complete a final vulnerability scan to provide evidence that the ecommerce store is fully compliant.

  • Advansys will advise you of the correct SAQ to fill out.

  • Advansys can fill out the majority of the questions on your behalf.

  • Advansys can advise on any questions that you are unsure of.

  • Once the SAQ has been completed and you, as a merchant, comply with the PCI standards, Advansys will provide you with a copy of the SAQ.

benefits of being PCI Compliant with Advansys

  • Ecommerce store is tested on a quarterly basis to ensure it is continually secure.

  • Reduces the risk of fraud.

  • Banks may give you better rates as a Merchant for being PCI compliant.

  • Peace of mind for the internet shopper (Advansys will put a PCI compliant logo on the customer's website).

  • Advansys are experts in coding standards and can therefore quickly fix any vulnerabilities that may occur on the customer's website.

For more information about PCI compliancy, please contact us
