PCI Compliance
What is PCI Compliance?
PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a set of rules that merchants must follow to minimize the risk and impact of cardholder-data breaches. The standard is maintained by the PCI Security Standards Council, which was founded by the major card brands. How a merchant must validate compliance (self-assessment versus an external audit) depends on its annual card transaction volume.
PCI DSS compliance includes:
- 6 major objectives
- 12 key requirements
- 78 base requirements
- 281 directives
- 400+ test procedures
Credit card brands can fine merchants for non-compliance.
Does my business need to comply?
Anyone who accepts cards as a form of payment must comply with PCI requirements. This covers both debit and credit cards, whether the transaction is taken online or over the phone.
How do I get PCI certified?
PCI certification takes two forms: self-assessment (i.e. do-it-yourself, by completing a Self-Assessment Questionnaire) or hiring a third-party QSA (Qualified Security Assessor) to perform the assessment. Though self-assessing has obvious advantages in effort and cost, you cannot simply choose it: your annual transaction volume determines your merchant level (1-4), and that level determines whether self-assessment is permitted or a QSA is required.
Here is the relationship between your transaction volume, required assessment approach, and level of certification:

Note: While PCI DSS outlines the requirements to become certified, there are subtle differences across payment networks (the table above was created from the Visa merchant guidelines). It is ultimately up to your merchant/acquiring bank to determine what is required for your compliance. Please be sure to check with them before beginning the compliance process.
Can PingPong help me with PCI compliance?
Yes. PingPong has achieved PCI Level 1 certification. Because our widget handles card data on PingPong's certified infrastructure rather than on your own systems, it either takes you out of PCI scope or satisfies the requirements on your behalf. If you want direct access to card data, you still have to obtain your own certification.
