PCI Compliance – Why It’s Important to Your Business
Protect Your Business and Your Customers
With data security compromises on the rise, it is more important than ever to take measures to safeguard your customers and your business.
Criminals or “hackers” can pose a risk to your business onsite or remotely, so it is critical to implement procedures to protect your data, whether it is stored in a file cabinet or on a computer.
The card brands have joined to form the PCI Data Security Standards (PCI DSS) Council, establishing security requirements and standards that EVERY business that accepts card payments and stores, processes or transmits payment card data MUST MEET. Ensure you are compliant so you avoid costly security breaches, the consequences of which can include:
- 100% responsibility for cardholder losses
- Card brand fines up to $500,000 per incident
- Forensic investigations expenses as high as $100,000
Frequently Asked Questions
Q: Do I have to be PCI compliant?
A: Yes, all merchants are expected to be compliant with the 12 requirements of the PCI Data Security Standards (PCI DSS).
Q: Do I have to validate compliance to the PCI DSS?
A: While expected to be compliant with the PCI DSS, Level 4 merchants do not have to provide proof of validation to Marsoft, LLC. You should complete the PCI DSS Self-Assessment Questionnaire (SAQ) to identify vulnerabilities. If you have external-facing IP addresses, you must also run network vulnerability scans.
Q: Who should I contact to become PCI compliant?
A: There are several companies that provide these services. You can find a Qualified Security Assessor (QSA) to assist with the PCI SAQ and an Approved Scanning Vendor (ASV) to assist with the network vulnerability scans on the https://www.pcisecuritystandards.org website under the QSA/ASV menu.
Q: What are the requirements for me to become PCI compliant?
A: If your business has Internet connectivity on a system that could store cardholder data, you must complete and pass the PCI SAQ and perform and pass quarterly network vulnerability scans.
If your business has no Internet connectivity, you only need to complete and pass the PCI SAQ.
Q: If I have more than one PC, do I have to complete multiple Self-Assessment Questionnaires (SAQ)?
A: No, you only have to complete one questionnaire for your business as a whole.
Q: With whom should I work to complete the SAQ?
A: You may need to consult your network support person and/or POS provider for assistance with questions about your setup and environment. Our team of Network Specialists and programmers at Marsoft will be able to assist with understanding the questions and assessing your compliance.
Q: How often does the SAQ have to be completed to be considered PCI compliant?
A: To be compliant, the SAQ is required to be completed and passed annually.
Q: Once I am deemed PCI compliant, do I have to do anything again to remain PCI compliant?
A: PCI compliance is a point-in-time assessment; staying compliant requires continuous assessment and remediation. Any significant change in your network or business processes should warrant another review of the SAQ and/or a new network scan to identify any vulnerability. Examples of such changes include a new software installation, a software version upgrade, firewall rule modifications, new employee password policies and the like.
Q: Am I PCI compliant if my point-of-sale is compliant?
A: No. PCI compliance goes beyond the hardware or software used for payment card processing. You are expected to be compliant with the Payment Card Industry Data Security Standards (PCI DSS). The PCI DSS contains 12 requirements addressing six core principles: network architecture, cardholder data protection, vulnerability management, access controls, network security, and information security policies. These include items such as policies for storing reports/receipts, physical access to data, passwords, etc.
Using a validated payment application and/or an approved PCI PIN entry device (PED) may help reduce the scope of potential areas requiring attention. However, to be considered PCI DSS compliant, you must validate your compliance by completing and passing the PCI SAQ and network vulnerability scans.
Q: Where can I find more information?
A: Full information about PCI and the necessary forms are available on the PCI Data Security Standards Council website:
Marsoft is also happy to assist you. Contact Marsoft LLC at:
(505) 990-0845