The Payment Card Industry Security Standards Council, a consortium of the major payment card associations (e.g. Visa, MasterCard, AmEx, etc.), requires that merchants accepting payment cards adhere to specific standards called the PCI Data Security Standards (PCI DSS). This also applies to service providers hosting systems for merchants. Failure to comply can result in fines and termination of the right to accept payment cards, in addition to other well-publicized consequences of security breaches. While PCI standards are not the law, several state laws now include components of the PCI standard and efforts to enact federal legislation are underway. PCI requirements are here to stay.
Merchants and service providers who store, process, or transmit credit card data must comply. Those with higher card transaction volume are required to have an annual on-site assessment performed by an independent PCI-certified Qualified Security Assessor (QSA).
Smaller merchants are still required to meet all the same standards and certify their compliance through a Self-Assessment Questionnaire (SAQ).
PCI DSS requires very specific technology solutions to ensure data security. Complying with these standards requires advanced knowledge of data systems, network architecture, and IT security. KalioTek™ brings many years of experience in eCommerce data center management, IT security, and PCI compliance to each client engagement.
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
Merchants and service providers not required to have a third-party assessment must submit a Self-Assessment Questionnaire (SAQ). This is a validation tool to assist in self-evaluating compliance with the Payment Card Industry Data Security Standard (PCI DSS). Partner with KalioTek™ for assistance in this process.
The answers you provide on the SAQ are serious claims about your organization’s security capabilities. In the event of a security breach or loss of data, you will be held accountable for these claims. When in doubt, get help rather than assuming or guessing.
Our Qualified Security Assessors (QSA) provide assistance to merchants and service providers who qualify to submit the SAQ.
Assistance can take the following forms:
Maintaining PCI Compliance and protecting your company’s operations is a journey, not an event. Our QSAs are available to assist you in planning and evaluating your infrastructure as your requirements and infrastructure evolve.