abacode header image

PCI-DSS

As certified experts in cybersecurity and compliance, we focus on FedRAMP readiness, preparing organizations for 3PAO assessments and maintaining compliance.

 

Goals

PCI DSS Requirements

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  1. Use and regularly update anti-virus software or programs
  2. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  1. Restrict access to cardholder data by business need-to-know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Maintain an Information Security Policy

  1. Maintain a policy that addresses information security for employees and contractors

4 Levels of PCI

LEVEL 1

Merchants that handle:

  • 6 million+ Visa, Mastercard, or Discover transactions per year
  • 2.5 million+ American Express transactions per year
  • 1 million+ JCB transactions per year

Merchants that have suffered a data breach or cyberattack resulting in compromised cardholder data or that have been identified by a card issuer as Level 1

REQUIREMENTS

  • Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

LEVEL 2

Merchants that handle:

  • 1-6 million Visa, Mastercard, or Discover transactions per year
  • 50,000 to 2.5 million American Express transactions per year
  • less than 1 million JCB transactions per year

REQUIREMENTS

  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

LEVEL 3

Merchants that handle:

  • 20,000 – 1 million Visa e-commerce transactions per year
  • 20,000+ Mastercard e-commerce transactions per year, and up to to 1 million total Mastercard transactions per year
  • 20,000 – 1 million Discover card-not-present transactions per year
  • less than 50,000 American Express transactions

REQUIREMENTS

  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

LEVEL 4

Merchants that handle:

  • less than 20,000 Visa or Mastercard e-commerce transactions per year
  • up to 1 million Visa or Mastercard transactions per year

REQUIREMENTS

  • Established by the merchant’s acquiring bank
  • Usually include an SAQ and Quarterly Network Scan by an ASV

Why Choose Abacode as Your MSSP?

As certified cybersecurity & compliance experts (CISSP, CIA, CISA, CEH, PMP, etc.), PCI-DSS framework is one of our focuses. Abacode continuously prepares organizations for their 3PAO assessments throughout the year and help them maintain compliance moving forward.

Abacode’s compliance portal helps streamline continuous compliance and security control effectiveness tracking for organizations before, during, and after assessments.

Connect with us today to learn more about the PCI-DSS compliance process and the cost of implementing a PCI-DSS program.