• Level four merchants are those who process less than 20,000 transactions, and all Visa merchants who process up to one million transactions annually, should complete annual security scans in addition to the self assessment.
basics accounting'>basics accounting - Merchants appear to have little choice but to comply with the requirements of PCI DSS. There is very likely to be a cost involved, but the burden of the proof of compliance can vary with the amount of transactions that are processed. Any merchant storing, processing or even transmitting primary account numbers are obliged to comply with the PCI DSS.
One of the key factors, is how the data is processed, even where a PC is used to access the data, the process is considered to fall within the scope of the standard, which means that even smaller businesses must be compliant. The primary account number should be encrypted, while other data such as the name of the cardholder, expiration date, and service code, can be readable.
• The PCI DSS stipulates that some data should not be stored, and includes:
• All of the data stored in the magnetic stripes and chips embedded in the card.
• The CVV or card verification value which is the 3 digits printed on the signature strip.
• The Pin, which is used to authorize transactions.
It may be difficult to put the cost of compliance into proper perspective, but according to recent reports, the cost of reported online frauds in 2011, was estimated to be close to $80 billion. For Visa merchants, the costs are even more interesting, as failure to report a loss of transaction data, can result in a penalty of $100,000. It can be as high as $500,000, and depends on the egregiousness of the incident. When compared with costs of remediation, the situation is favourable as the cost of remediation is estimated to be between $90 and $300 for each incident. The most difficult part of the process for merchants, may understand how PCI DSS can be implemented effectively.
For Visa:
• Level One merchants, who process in- excess of 6 million transactions annually, must have an on-site PCI Security Assessment and complete network scans every quarter. The assessment may be completed by an independent QSA, or done internally.
• Merchants processing between 20,000 to one million annual e-commerce transactions are considered Level three merchants, and must complete the Self-Assessment in addition to performing quarterly network scanning.
Merchants are characterized by the level or number of transactions that are processed annually, and the requirements for compliance may differ according to the level.
• Level two Merchants that process between 1 million to 5,999,999 annual transactions, must perform network scanning every quarter and complete the self-Assessment evaluation.
It may take some time and careful planning may be required, but it may be much simpler than expected, as many of the processes can be implemented with currently available software. Some of the software may need adapting to suit your purpose, but the critical parts are appreciation and acceptance.
Không có nhận xét nào:
Đăng nhận xét