Understanding PCI Compliance

Modified on Fri, 6 Dec at 2:13 PM

What is PCI Compliance?

The Payment Card Industry (PCI) Security Standards Council was founded in 2006 by American Express, Discover, JCB International, MasterCard, and Visa. Together they drive the standards that are mandated by credit card companies to help ensure the security of credit card transactions within the payments industry. PCI Compliance refers to the technical and operational standards that businesses must follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions.


For retailers


Do you need to run PCI Compliance Scans?

Yes.  Even though Card Defender, Cloud Retailer, and your payment terminals are PCI compliant, your credit card processor may still require quarterly or yearly PCI compliance scans.  


The PCI compliance scan will start with a self-assessment questionnaire (SAQ) that will help your credit card processor understand how secure your internal network is when it comes to processing, storing, and transmitting credit card information. 


While it may seem like a convenient place to store credit card information for recurring payments, you should NEVER store credit card information in Cloud Retailer. 

Storing Credit Card data in Cloud Retailer



Once the SAQ is complete, your credit card processor will schedule a time to perform a series of external tests designed to simulate a network attack to identify any weaknesses. 


How long does my PCI Compliant certification last?

If the scan is successful, your PCI Compliant certification will be valid for up to 1 year.  As technology improves, so does the need to review your equipment and procedures to protect you and your customers against fraud.


What happens if you fail the PCI Compliance scan?

Should you fail the scan, you will be required to improve the security of the points that failed.  Once the improvements are made, you will need to reach out to your credit card processor to perform another test.


Can RITE assist with PCI Compliance Scans?

Yes. We can work with you to understand and complete the questionnaire as a premium service, but we cannot complete the scan for you, as the questions must be answered from the context of your business and network setup. It typically takes 2 hours to complete the questionnaire.

