Trust Guard

PCI Compliant

In a nutshell, the purpose of PCI Compliant scanning is to create the most secure environment possible for processing credit cards. The PCI (Payment Card Industry) Council has 12 main security requirements that all merchants are required to strive for in order to be PCI DSS Compliant. The extent to which the 12 requirements need to be met depends on the number of transactions that a company processes in a year; merchants are broken into 4 levels on that basis. Here's our simplified version (please check the PCI Council's site for the exact wording and any updates).

Level 1, any merchant that does over 6,000,000 transactions a year. Basically, you need to bring an assessor, called a QSA, on-site to evaluate your security and create an in-depth compliance report for you. Quarterly PCI Scans are also required.

Level 2, any merchant that does between 1,000,000 and 6,000,000 transactions a year. In lieu of a full compliance report, the PCI Council allows Level 2 merchants to complete a Self-Assessment Questionnaire (SAQ). Quarterly PCI Scans are also required. Level 2 merchants also have an extra one-page form, which takes about 5 minutes to fill out, that basically states that they don't keep certain types of credit card information on file.

Level 3, any merchant that does between 20,000 and 1,000,000 transactions a year. In lieu of a full Report On PCI Compliance, the PCI Council allows Level 3 merchants to complete a Self-Assessment Questionnaire (SAQ). Quarterly PCI Scans are also required.

Level 4, any merchant that does between 1 and 20,000 transactions a year. In lieu of a full Report On Compliance, the PCI Council allows Level 4 merchants to complete a Self-Assessment Questionnaire (SAQ). Quarterly PCI Scans are also required.








What do I need to do to become PCI DSS Compliant?
As I mentioned above, the requirements to become PCI DSS Compliant depend on which merchant level you fit into, based on the number of transactions you process in a year. As you can see, Levels 2-4 are all basically the same (except the extra form for Level 2). For all three levels, you essentially need to get quarterly PCI Scans performed by an Approved Scanning Vendor (ASV), and you also need to complete an annual Self-Assessment Questionnaire (SAQ). I should also mention that your life will be much simpler and more stress-free if you don't store any credit cards on your server. If you store your credit cards with your Payment Gateway Provider, like Authorize.net, LinkPoint, PayPal, etc., the SAQ is a breeze. If you store credit cards on your own server, then the SAQ gets much more complicated.

PCI Scanning (also known as PCI Security Scanning or Vulnerability Scanning) involves having a PCI ASV (Approved Scanning Vendor) scan any and all IP addresses that the public has access to that have to do with your website or the transaction process. This typically includes your website's IP address. However, if you transfer your customers to a third-party shopping cart hosted by your shopping cart provider during the checkout process, then you should include their IP address to be scanned as well.

The Report On Compliance or SAQ is basically a report that you submit to your acquirer or merchant bank (typically the company that helps you process credit cards; this could be a third-party service provider or your actual bank, depending on who you signed on with) to show them that you are compliant. The type of report varies depending on the merchant level you fall into.

Once you've completed your PCI Scan, you submit the scan report and other documents to your acquirer or merchant bank.


Once my website is PCI Compliant then what?

That's a great question and one that does not get asked enough. These days many merchant banks are providing PCI compliant scans and then adding them to your bill. That makes things easy, but not necessarily better. OK, your site is safer, but what good is a safer site if no one knows about it? That's where Trust Guard really makes a difference: we provide PCI scans that exceed the PCI Council's requirements, and then, when your website passes the scan, we let your visitors know your site is safe to shop at by providing one of our Security Scanned Seals. Our seals build trust and confidence, so you get the best of both worlds.

Trust Guard gives you a safer website that makes more sales. Get started today!




© 2006 - 2013 Trust Guard® LLC, All Rights Reserved, the
reproduction, distribution, display, or transmission of the content
is strictly prohibited, unless authorized by Trust Guard® LLC.
All other company & product names may be trademarks of the
respective companies with which they are associated. Our
Certified *ASV scanning partner is Clone Systems, Inc.