Ohio Web Design and SEO | Joomla Development | Dynamic Webs, LLC in Findlay, Ohio


PCI Compliance


You are probably wondering how PCI DSS compliance applies to you or, for that matter, what PCI DSS compliance is.

"PCI DSS stands for Payment Card Industry Data Security Standard, and is a worldwide security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. A company processing, storing, or transmitting payment card data must be PCI DSS compliant. Non-compliant companies who maintain a relationship with one or more of the card brands, either directly or through an acquirer risk losing their ability to process credit card payments and being audited and/or fined [1]. All in-scope companies must validate their compliance annually. This validation can be conducted by auditors - i.e. persons who are PCI DSS Qualified Security Assessors (QSAs), however smaller companies have the option to use a self-certification questionnaire. Whether this questionnaire needs to be validated by a QSA depends on the requirements of the card brands in that merchant's region." - Wikipedia.org

For simplicity's sake, I will discuss how PCI DSS compliance relates to Level 4 vendors and merchants: businesses that process less than 20,000 transactions per year.

Dynamic Webs can assist you with your PCI Compliance Scanning and Reporting.

Cost: $895 without a PayPal Pro account. $495 with a PayPal Pro account.

We will assist in setting up your account, conducting the first set of scans, troubleshooting the results, and securing your home network and providing fixes to your Internet Service Provider hosting your website.  Additionally, we will conduct a total of 4 scans per year using your McAfee account.  Finally, we will write your first report and paperwork for your records.  Additional troubleshooting of networks, websites and additional report writing will be billed at a rate of $65 per hour.

 

New Credit Card Security Standards FAQ

Who is required to meet the PCI security standard?

Any Level 4 vendor, merchant, or small business person who processes less than 20,000 transactions must comply with the following PCI compliance rules and regulations. Below you will find the PCI compliance information as provided by McAfee. We use McAfee to conduct our security scans. We suggest all clients find a vendor of their choice and go through the compliance steps to avoid penalties and loss of credit card processing.

All entities that accept credit or debit card payment, collect, process or store credit card transaction information, regardless of their transaction volume, are required to meet the PCI standard by June 30, 2005. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs.

All Acquiring Banks (merchant banks) are also required to have received certified proof of PCI compliance from merchants with more than 20,000 transactions per year by June 30, 2005. This does not mean that only merchants with more than 20,000 transactions per year are required to meet the PCI standard. Acquiring Banks are required to have documented proof of compliance from these merchants, or be liable to fines themselves. Many banks are already requiring all merchants, regardless of transaction volume, to produce this Certification of PCI Compliance.

What are the PCI security standards?

The new Payment Card Industry (PCI) data security standards are network security and business practice guidelines developed by Visa, MasterCard, American Express and Discover Card. They were developed to establish a 'minimum security standard' with regards to the protection of cardholders' account and transaction information.

What do I need to do to meet the PCI standards?

The PCI standard comprises two basic steps:

1. Pass quarterly remote vulnerability scans conducted by a Visa and MasterCard Qualified Independent Scan Vendor such as McAfee. Scans are required for all Internet connection points, whether they are office networks, home/office connections (dial-up, DSL, cable or wireless) or permanent Internet servers such as your web site and email server.

2. Successful completion of a security self-assessment questionnaire. The self-assessment questionnaire asks specific questions about your internal security practices, both on your web site and in your office. ScanAlert provides an online wizard tool to help you properly complete this form.

What does the HACKER SAFE Certified PCI Compliance service include?

The comprehensive and easy-to-use McAfee PCI certification service includes:

  • Access to the HACKER SAFE web-based Vulnerability Management Portal
  • Scheduled quarterly automated vulnerability scans
  • Unlimited on-demand manual scans to re-test systems whenever needed
  • Detailed instructions to patch all vulnerabilities found during scans
  • Online tutorials to help understand and prepare the security self-assessment questionnaire
  • Preparation of the Report on Compliance (ROC) documentation for submission to your merchant bank
  • Access for your merchant bank to review your Report on Compliance online

Who is McAfee?

McAfee is the world's largest ecommerce security auditing service, protecting and certifying more than 80,000 web sites in 40 countries through its HACKER SAFE certification trustmark program. McAfee is accredited by MasterCard and VISA to provide PCI compliance services. More information is available at http://www.hackersafe.com

As a Visa and MasterCard Qualified Independent Scan Vendor, all credit card companies and banks worldwide accept McAfee's HACKER SAFE Certification of PCI Compliance.

If McAfee is going to prepare my company's Visa PCI Compliance Report, why isn't McAfee on the Visa CISP Assessor List?

Only merchants with over 6 million transactions per year require an on-site audit, conducted by a Qualified Independent Security Assessor, or Visa CISP Assessor, in addition to network scans conducted by a Qualified Independent Scan Vendor such as McAfee.

For merchants transacting more than 6 million credit card purchases per year, and all levels of payment processors, McAfee will provide a quote for an on-site CISP Level 1 Compliance Assessment performed by our CISP Assessor partner, PSC.

What if the scan result shows that my site has vulnerabilities?

Complete instructions for patching any vulnerabilities are available within your Vulnerability Management Portal. This information can be easily made available directly to your web host or IT staff using your HACKER SAFE account. Online technical support is also available.

What do I do after my web site has been scanned and I have completed the security self assessment?

Within your Vulnerability Management Portal, you can print a PCI compliance report as well as the completed self-assessment form. You may also have McAfee submit this information directly to your merchant bank.

Does McAfee provide customer support as part of its PCI data security service?

Customer support is available through the HACKER SAFE online portal, where you will find a variety of resources, including best practices information, FAQs and online support request forms to help you understand how to pass the security scans as well as complete the self-assessment questionnaire.

How do I sign up?

Merchants can sign up online at https://www.hackersafe.com/SignUp.sa. Please ask your web host or payment processor for a discount code.

ATTENTION ALL PAYPAL PRO CUSTOMERS! All PayPal Pro customers get a FREE account through McAfee. Call 877.302.9965 to register your free account. Make sure to mention you are a PayPal Pro customer. They will email you a confirmation and account info.

What if I have already paid for compliance from another PCI security company?

If you are already using another PCI security scanning service, you can easily switch to McAfee and save hundreds or thousands of dollars. All credit card companies and all banks accept McAfee's Certified PCI Compliance.

Where can I get more information about meeting the PCI standards?

More information, including complete step-by-step instructions for meeting the PCI requirements, is available within your HACKER SAFE account under the PCI tab.

Where can I find references about the PCI requirements?

PCI program summary:
https://sdp.mastercardintl.com/pdf/pcd_manual.pdf

PCI security scanning procedures:
https://sdp.mastercardintl.com/pdf/PCS_Manual.pdf

PCI self-assessment questionnaire:
https://sdp.mastercardintl.com/pdf/758_PCI_Self_Assmnt_Qust.pdf

Merchant definition matrix is available at:
https://sdp.mastercardintl.com/merchants/merchant_levels.shtml

Last Updated ( Tuesday, 26 May 2009 14:53 )  