High-Risk Account PCI Compliance
PCI DSS was made compulsory for processing card payments from February 2010.
PCI DSS (the Payment Card Industry Data Security Standard) is a worldwide
standard mandated by the card schemes for the protection of cardholder
data and transaction information. If you are not compliant with the
standard and a security breach occurs, you could face substantial fines
imposed by the card schemes, or be permanently barred from the card
acceptance programmes.
There are three ways for merchants to fulfil the PCI requirements:
A. Provide us with a copy of their (valid) PCI certificate and their
network security scan results.
B. Provide us with a "self assessment package" (as described below).
C. Provide us with a shortened version of the "self assessment package"
(only for those merchants that meet the criteria described below).
The three options explained:
Option A:
The merchant provides us with the following two documents:
- A valid PCI certificate (the Attestation of Compliance confirming
that the merchant has passed a PCI DSS assessment); to be provided annually.
- Official network security scan results; to be provided quarterly.
The scan must be carried out by an Approved Scanning Vendor (ASV) from
the list published by the PCI Security Standards Council:
www.pcisecuritystandards.org/pdfs/asv_report.html
Option B:
The merchant provides us with the following two documents:
Option C:
Merchants that do not store, handle or process credit card details in
any way (for example, because card data entry is fully outsourced to
the payment gateway) are allowed to use the shortened version of the
Self-Assessment Questionnaire, SAQ A:
www.pcisecuritystandards.org/docs/pci_saq_a.doc
(to be completed annually).
Possible Approved Scanning Vendors (ASVs):
Currently, with the High-Risk Merchant Account + Gateway, we do not have
any referral deal in place for ASV scanning, but the following companies
may be of use to merchants and resellers at a reasonable price:
A more elaborate (and more expensive) option is QualysGuard:
www.qualys.com/solutions/pci_compliance