PCI DSS Compliance can be confusing for small merchants


How confident are small merchants with their annual PCI DSS compliance?

Merchants often find that even the simplest of the self-assessment questionnaires (SAQs) for PCI DSS compliance are less than simple – and can often tie them in knots.

They are not always confident that they are reporting to the right level of compliance, and the more they look into the guidance, the less clear they are.

Some of the confusion comes from the payment processors themselves and their level of PCI expertise.

This often results in merchants completing the wrong SAQ or being unsure whether they are providing the correct answers.

Why is it important for merchants to get PCI DSS compliance right?

The payment brands mandate PCI DSS compliance for all merchants: if you are taking card payments, you need to be compliant. Non-compliance can lead to additional fees or fines if a card breach is found to originate from your environment. The acquirer may introduce several layers between itself and the merchant, including payment processors. The payment processors often, as part of their service, manage the acquirer's merchant compliance, so if a merchant needs assistance they may have to contact the payment processor.

Why using a PCI QSA company can help you

A PCI QSA can help you identify your scope of compliance and your reporting requirements. They will understand the intent of the questions being asked and how that relates to your organisation. This will result in you completing the appropriate SAQ and give you confidence that your cardholder data environment is compliant.


Terminology

Merchant: any organisation that accepts card transactions, normally in exchange for goods or services.

Acquirers: used by merchants to process their payment transactions; these will include payment brands such as Visa and Mastercard. Acquirers are responsible for merchant compliance.

Issuer: the organisation or bank that issues the actual cards on behalf of the payment brand. (This is different with closed-loop networks such as American Express, JCB and Discover, as they issue their own cards.)
