PCI DSS has been around for a while and is now being mandated more effectively.

http://www.pcisecuritystandards.org/

The good news is that in most instances you do not need to hire a consulting firm with a price tag of $2,000-$20,000, but you do have to do something about the processing regulations, which are mandated directly by the card issuers (Visa/MasterCard).

The first step is identifying which merchant level you are. Once you know, you can take the appropriate action. Note: If you are a Level 4 merchant, you can wait for your processor to contact you with their mandated program.

PCI Data Security Standard Compliance for Merchants

| Merchant Level | Selection Criteria | Validation Actions | Validated By |
|---|---|---|---|
| 1 | Any merchant, regardless of acceptance channel, processing more than 6,000,000 Visa transactions per year; any merchant that has suffered a hack or an attack that resulted in an account data compromise; any merchant identified by any card association as Level 1 | Annual On-Site Security Audit and Quarterly Network Scan | Independent Security Assessor or Internal Audit if signed by an Officer of the company; Qualified Independent Scan Vendor |
| 2 | 1 million - 6 million Visa or MasterCard transactions per year | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant; Qualified Independent Scan Vendor |
| 3 | 20,000 – 1 million Visa or MasterCard e-commerce transactions per year | Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant; Qualified Independent Scan Vendor |
| 4 | Less than 20,000 Visa or MasterCard e-commerce transactions per year, and all other merchants processing up to 1 million Visa or MasterCard transactions per year | Recommended Annual PCI Self-Assessment Questionnaire and Quarterly Network Scan | Merchant; Qualified Independent Scan Vendor |

Validation requirements and dates for Level 4 merchants are determined by the merchant's acquirer. Submission of scan reports and/or questionnaires by level 4 merchants may be required.


What does this all mean?
This compliance is what MC/Visa require of their processors (First Data, NPC, etc.), and the above chart is what the processors are being told they must have their merchants doing. The processors have incurred significant expenses because of this requirement, and they will pass these on to the merchants. The expenses cover the process of contacting, supporting, and maintaining the records to show that they have managed the regulation correctly.

Merchants should expect to see a monthly fee added to their statement, or may see an annual fee ranging from 100-450, either to pay for this whole process or if they ignore the requirements.

Keep in mind that completing the requirements does not mean you are not liable for a breach of security.

