PCI Compliance

Become a PCI Compliance member.

It's simple and quick to sign up!

You'll be able to complete your questionnaire online once you've been approved, and we'll begin scanning your systems on the date and time you specify.

Your results will be emailed to you with instructions on how to read and act on your report.

Start the PCI registration process.


The Payment Card Industry Data Security Standard (PCI DSS) is maintained by the Payment Card Industry Security Standards Council (PCI SSC), which was founded in 2006 by American Express, Discover, JCB, MasterCard and Visa. The requirements are designed to help you protect cardholder data and reduce your exposure to attack, and so reduce payment card breaches and data theft.

The PCI DSS protects card data both during and after a transaction, and every card brand requires compliance with it. Any business that accepts credit cards for payment must follow these requirements. Failure to comply can result in fines from the card brands, passed on through your acquiring bank, and ultimately in losing the ability to process credit cards.

Businesses and merchants must comply with these requirements whenever they process, store or transmit cardholder data, so that the data stays confidential and safe. Because payment card theft remains a major threat to organizations, PCI compliance is critical for every card transaction, online or in person, and it applies to everyone from large retailers to small businesses. It is required of every participant in the card payment process, including payment service providers and banks.

PCI Compliance requirements

The PCI DSS groups its twelve requirements under six goals. A merchant must:

Build and maintain a secure network

This goal covers the network through which cardholder data passes.

  • Install and maintain a firewall configuration (hardware and software) to protect cardholder data.
  • Confirm that all security controls needed to safeguard the network are actually in place.
  • Do not use vendor-supplied defaults for system passwords and other security parameters; change them before a system goes into service.

Protect cardholder data

This goal covers the storage and transmission of cardholder data.

  • Store cardholder data securely, and keep what you store to the minimum the business needs.
  • Encrypt cardholder data sent over open, public networks so that an attacker who intercepts the traffic cannot read it.
  • Use strong cryptography for that transmission: TLS 1.2 or later with strong cipher suites. SSL and early TLS (1.0 and 1.1) are no longer acceptable, and the strength of a connection is set by the negotiated protocol and cipher suite, not by the certificate alone.

Maintain a vulnerability management program

This goal covers keeping your systems up to date.

  • Keep anti-virus software current and running on systems commonly affected by malware.
  • Patch operating systems, firmware and application software promptly, giving priority to security fixes.
  • Develop and maintain secure systems and applications.
  • Run regular malware scans on any system that can be affected by malware.

Implement strong access control measures

This goal covers restricting access to cardholder data, both logical and physical, to the people whose job requires it.

  • Restrict access to cardholder data on a need-to-know basis.
  • Assign a unique ID to every person with computer access, so that each action can be traced to an individual.
  • Restrict physical access to cardholder data and to the systems that hold it.

Regularly monitor and test networks

This goal covers ongoing monitoring and testing of the network that stores or carries cardholder data.

  • Track and monitor all access to network resources and cardholder data, and keep the audit logs.
  • Test security systems and processes regularly, for example with vulnerability scans and penetration tests.

Maintain an information security policy

This goal covers why drafting and enforcing a company-wide information security policy is critical.

  • Maintain a policy that addresses information security for all personnel.
  • Make sure staff know and understand their responsibilities for protecting cardholder data.
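The transmission requirement above is usually checked from the client side: connect to the endpoint, see what protocol and cipher suite were actually negotiated, and compare against a policy. The following is an added example written for this page, not code from ATM DEPOT, PCI Compliance, LLC or the PCI SSC. The thresholds (TLS 1.2 minimum, 128 secret bits, a blocklist of weak cipher-suite components) are this example's own policy choices, and the session descriptions in the `__main__` block are constructed to look like what Python's `ssl` module reports.

```python
import socket
import ssl

# Policy constants for this example (assumed values, not taken from the PCI DSS text).
MIN_TLS = ssl.TLSVersion.TLSv1_2
MIN_SECRET_BITS = 128
ACCEPTED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")
# Substrings of OpenSSL cipher-suite names that mark a suite as unacceptable
# regardless of its key length ("DES" also catches 3DES, "ADH"/"AECDH" are anonymous).
WEAK_TOKENS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ADH", "AECDH")


def strict_client_context() -> ssl.SSLContext:
    """Build a client context that refuses SSL, TLS 1.0 and TLS 1.1.

    create_default_context() already verifies the server certificate chain
    and hostname; we only tighten the minimum protocol version.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_TLS
    return ctx


def meets_transmission_policy(protocol: str, cipher: tuple) -> bool:
    """Judge a negotiated session against the policy above.

    protocol: the value returned by SSLSocket.version(), e.g. "TLSv1.2".
    cipher:   the value returned by SSLSocket.cipher(): (name, protocol, secret_bits).
    """
    name, _, secret_bits = cipher
    if protocol not in ACCEPTED_PROTOCOLS:
        return False
    if secret_bits < MIN_SECRET_BITS:
        return False
    return not any(token in name for token in WEAK_TOKENS)


def probe(host: str, port: int = 443, timeout: float = 10.0) -> tuple:
    """Connect to a live endpoint and return (protocol, cipher, policy_ok).

    Needs network access, so it is not exercised by the offline demo below.
    A server that only offers SSL/early TLS fails the handshake outright
    because of strict_client_context().
    """
    ctx = strict_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            protocol, cipher = tls.version(), tls.cipher()
    return protocol, cipher, meets_transmission_policy(protocol, cipher)


if __name__ == "__main__":
    # Constructed session descriptions in the shape the ssl module reports them.
    sessions = {
        "modern": ("TLSv1.3", ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)),
        "ok":     ("TLSv1.2", ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128)),
        "old":    ("TLSv1",   ("ECDHE-RSA-AES256-SHA", "TLSv1.0", 256)),
        "weak":   ("TLSv1.2", ("RC4-SHA", "TLSv1.2", 128)),
        "3des":   ("TLSv1.2", ("ECDHE-RSA-DES-CBC3-SHA", "TLSv1.2", 112)),
    }
    for label, (proto, ciph) in sessions.items():
        verdict = "PASS" if meets_transmission_policy(proto, ciph) else "FAIL"
        print(f"{label:7} {proto:8} {ciph[0]:32} {verdict}")
```

Note the "old" case: a 256-bit cipher on TLS 1.0 still fails, which is the point the page's "128-bit" wording misses. Key length alone does not make a connection acceptable; the protocol version and the cipher suite's components must also be sound.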
PCI Compliance levels

PCI compliance is required of every merchant that accepts credit cards. Merchants are placed in one of four levels according to the number of card transactions they process each year, and the level decides how compliance must be validated. Although the PCI Security Standards Council (PCI SSC) writes the standard, it is the individual card brands (Visa, MasterCard, American Express, Discover and JCB) that define the levels and enforce compliance, and each brand's thresholds differ slightly. The Visa and MasterCard definitions are summarized below.

PCI compliance levels are defined as follows:

Level 1: Merchants that process more than 6 million transactions per year, or that a card brand designates as Level 1. An annual on-site assessment by a Qualified Security Assessor (QSA), or by a PCI-trained internal assessor, documented in a Report on Compliance (ROC), plus quarterly network scans by an Approved Scanning Vendor (ASV).

Level 2: Merchants that process 1 to 6 million transactions per year across all channels. An annual Self-Assessment Questionnaire (SAQ) plus quarterly ASV scans.

Level 3: Merchants that process 20,000 to 1 million e-commerce transactions per year. An annual SAQ plus quarterly ASV scans.

Level 4: Merchants that process fewer than 20,000 e-commerce transactions per year, or up to 1 million transactions per year in total. An annual SAQ; quarterly ASV scans are required where the acquirer mandates them or where the merchant has Internet-facing systems that handle card data.

Which SAQ a merchant completes depends on how it accepts and handles card data (for example, fully outsourced e-commerce versus a payment application on its own network), not on its level; the underlying requirements are the same at every level. Merchants with Internet-facing systems must have a quarterly vulnerability scan completed by an ASV whatever their level.

What is required of me?

The payment brands and your merchant bank (acquirer) require you to be PCI DSS compliant if you store, process or transmit payment card data. To validate compliance you must complete the following:

  • An annual Self-Assessment Questionnaire (SAQ), similar in form to an insurance questionnaire, that checks whether you have the required safeguards in place for payment card data.
  • Quarterly security scans if your systems are reachable from the Internet. The scans look for flaws an attacker could exploit to gain access to your systems, and must be performed by a PCI SSC Approved Scanning Vendor (ASV).

Failing to follow the PCI DSS leaves you exposed to data breaches and to fines, and you may lose the ability to accept credit cards.

Why is PCI Compliance used by MTech Distributors?

ATM DEPOT has teamed with PCI Compliance, LLC, a business that specializes in merchant compliance, to help you with your compliance efforts. PCI Compliance, LLC assists retailers in overcoming their specific challenges and achieving PCI DSS compliance.

PCI Compliance, LLC has partnered with 403 Labs to offer a fully automated, Internet-based testing service that lets you check the security of your Internet connection and devices as part of complying with the PCI DSS. The service includes a self-assessment questionnaire that walks you through your payment card environment and processes, and a vulnerability scanning engine that runs over 37,000 distinct security tests against your systems. ATM DEPOT provides PCI Compliance services to our merchants at a substantial discount.