What is PCI Compliance?

Payment card industry (PCI) compliance is mandated by credit card companies to help ensure the security of credit card transactions in the payments industry. Payment card industry compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions.


PCI standards for compliance are developed and managed by the PCI Security Standards Council.


Do you need to run PCI Compliance Scans?

Yes. Even though Card Defender, Cloud Retailer, and your payment terminals are PCI compliant, your credit card processor may still require quarterly or yearly PCI compliance scans.


The PCI compliance scan will start with a self-assessment questionnaire (SAQ) that will help your credit card processor understand how secure your internal network is when it comes to processing, storing, and transmitting credit card information. 


While it may seem like a convenient place to store credit card information for recurring payments, you should NEVER store credit card information in Cloud Retailer. 

Storing Credit Card data in Cloud Retailer



Once the SAQ is complete, your credit card processor will schedule a time to perform a series of external tests designed to simulate a network attack to identify any weaknesses. 


How long does my PCI Compliant certification last?

If the scan is successful, your PCI Compliant certification will be valid for up to 1 year. As technology improves, the need to review your equipment and procedures to protect you and your customers against fraud grows as well.


What happens if you fail the PCI Compliance scan?

Should you fail the scan, you will be required to improve the security of the points that failed. Once the improvements are made, you will need to reach out to your credit card processor to perform another test.


Can RITE assist with PCI Compliance Scans?

Yes. We can work with you to understand and complete the questionnaire as a premium service, but we cannot complete the scan for you, as the questions must be answered from the context of your business and network setup. It typically takes 2 hours to complete the questionnaire.

