SandStorm IT

Guide to PCI DSS – Part 1: What is PCI DSS?

June 1, 2020 By Justin Oliver

Welcome to SandStorm IT’s 6-part series about Payment Card Industry Data Security Standard (PCI DSS). In this series, we’ll cover what PCI DSS is and the various requirements:

  • Part 1 – What is PCI DSS?
  • Part 2 – Building and Maintaining a Secure Network (Coming Soon)
  • Part 3 – Protecting Data (Coming Soon)
  • Part 4 – Further Protection on Systems (Coming Soon)
  • Part 5 – Access Control (Coming Soon)
  • Part 6 – Wrap-up (Coming Soon)

Payment Card Industry Data Security Standard (PCI DSS) is a set of policies and procedures intended to protect credit card transactions and sensitive cardholder data. According to PrivacyRights.org, more than 898 million records were breached from 4,823 breaches between January 2005 and April 2016.

It is the responsibility of every business that handles credit card transactions to use standard procedures and technologies to protect cardholder data. Vulnerabilities can appear almost anywhere; some areas of concern are:

  • Point-Of-Sale Devices
  • Mobile Devices
  • Personal Computers
  • Servers
  • Applications
  • Paper (Physical)
  • Transmission Methods

Compliance with PCI DSS is enforced by the founding members: American Express, Discover, JCB, MasterCard and Visa.

The credit card brands have multiple levels of PCI DSS requirements for their merchants. Typically, smaller businesses will be permitted to complete a Self-Assessment Questionnaire (SAQ), while larger businesses may be required to provide a Report on Compliance (ROC). Different SAQs are available for different business environments; factors such as whether you are a card-not-present merchant or a merchant using standalone payment terminals determine which SAQ version is required. If you are required to submit a ROC, it must be prepared by a Qualified Security Assessor (QSA).

Enforcement of PCI DSS comes in the form of fines from the credit card brands. They come in multiple flavors and sizes, from higher per-transaction costs to flat-out extra fees, sometimes six figures or more.

Even if you are not bound to PCI DSS requirements by a credit card brand, following the PCI DSS standards will help protect your business. Many of the requirements are simply good practice.

This post is part one of a six-part series, summarizing each of the 12 key areas of PCI DSS. The goal of this series is to provide a basic introduction to PCI compliance.

SandStorm is not an approved scanning vendor and cannot provide a “Report on Compliance”. However, we can help with remediation and implement procedures, systems, and guidance that will help you be ready. For more information, please contact SandStorm IT at 901-475-0275.

Categories: Business, Cybersecurity, General Business