The Payment Card Industry Data Security Standard (PCI-DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI-SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.
The standard is maintained by the Payment Card Industry Security Standards Council, which maintains both the PCI-DSS and a number of other standards, such as the Payment Card Industry PIN Entry Device security requirements (PCI-PED) and the Payment Application Data Security Standard (PA-DSS).
Validation of compliance can be performed either internally or externally, depending on the volume of card transactions your organization is handling, but regardless of the size of the organization, compliance must be assessed annually. Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of self-certification via a Self-Assessment Questionnaire (SAQ). In some regions these SAQs still require sign-off by a QSA for submission.
PCI compliance is used as way to generate additional revenue by many sales agents, who often up-sell this service far beyond the cost charged by the processor. At AdvoCharge, we utilize TrustWave, one of the most trusted names in PCI compliance and any costs associated with completing your compliance are included in your flat monthly fee. As long as you maintain your compliance there is no non-compliance expense, and we also help guide you in performing your scans to help maximize your time and keep you focused on running your business.
There are many misconceptions about PCI compliance, but with AdvoCharge as your partner, we will help you understand how PCI compliance impacts your business and how best to protect yourself moving forward.