Lately there have been reports of processors that are starting to charge their customers $19.95 per month for not being PCI compliant. To fix this problem, these processors are requiring their customers to install some PC-based scanning software that is supposed to magically make the business PCI compliant, thereby allowing them to avoid the monthly charge.
Let me start out by saying: This is a scam.
Reputable processors will have already paid this fee for their merchants. Do your due diligence and shop for the right merchant processor.
There is nothing that you can just put on your PC that will make your business PCI compliant. This is so far off course that it can hardly be related to PCI. PCI compliance covers the networks, computers, hardware and software that play a part in the processing, storage, or transfer of a credit card transaction.
It is now required that every business be PCI compliant, but let me assure you that there is no simple computer program that will do this for any business. Even if only a single computer is used to enter card data, it is unlikely that it is the only piece of the puzzle, and even more unlikely that a single piece of software can guarantee PCI compliance.
Steps to get compliant:
1. Determine whether you need to be PCI compliant. (If you accept credit cards, or play any part in the processing of a credit card, you need to be PCI compliant.)
2. Determine which Level of compliance is required for your business.
* Level 1: Greater than 6 million credit card transactions per year or any business that has suffered a hack or data breach, or any business deemed Level 1 by card
* Level 2: 1 to 6 million credit card transactions per year.
* Level 3: 20K to 1 million credit card transactions per year.
* Level 4: Less than 20K ecommerce, or 1 million total transactions per year.
3. Fill out the Self-Assessment Questionnaire (SAQ).
4. Fix every area that you answered ‘NO’ to on the SAQ.
5. All Levels: Hire an Approved Scanning Vendor (ASV) to perform quarterly scans of any external networks.
6. Fix and maintain any failed area of the scan.
7. Level 1 Only: Complete an annual on-site audit by a Qualified Security Assessor (QSA).
8. Continue to maintain security of networks and card information!
Once you complete all of those requirements, and maintain a secure network and business environment, you are PCI compliant. Most of the details of PCI compliance can be found in the SAQ, and on the PCI Security Standards website.
If you are a merchant that has been charged the PCI compliance fee, please give me a call to see if Merchant Solutions can help your business avoid this fee.
2239 West 190th Street
Torrance, CA 90504
# # #
Merchant Solutions IQ (MSIQ) has broken the mold for credit card processing accounts, setting up merchant accounts without the high fees and arbitrary overcharges. MSIQ is a premier provider of merchant accounts and credit card processing solutions.