6 Main PCI DSS Compliance Goals


Payment Card Industry (PCI) rules were created to ensure businesses are providing a safe digital environment for consumers to make credit card payments. Following these PCI guidelines keeps you in compliance with industry rules and also keeps you and your consumers safe from data breaches.

With a larger number of employees now working remotely, understanding the basic PCI goals and implementing secure payment tools has become more important than ever.

PCI DSS Goals and Requirements

Anyone who accepts credit card payments is obligated to adhere to the PCI guidelines to one degree or another, but in the simplest terms, being PCI compliant means ensuring that all cardholder details, including credit card numbers and 3-digit CVV numbers, are handled in a secure environment.

PCI DSS purpose:

  • PCI DSS, the Payment Card Industry Data Security Standard, was created in 2004 by the major payment card brands.

  • It is a set of requirements that all businesses who process, store or transmit credit card information must follow so that this is done in a secure environment.

  • It covers all payment card network brands including American Express, Discover, JCB, MasterCard and Visa.

What are the 6 PCI Goals?

For simplicity's sake, below are the 6 PCI DSS Compliance goals and requirements. The full list is much more extensive and includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures.

  1. Establish and maintain a secure network and systems so that payment transactions are processed in a robustly secure network. To achieve this, firewalls must be put in place to protect cardholder data, and these firewalls must be effective without causing inconvenience, such as slow processing times, to cardholders.

  2. Protect stored cardholder data, taking the steps needed to secure it against hacking, including encrypting cardholder data that is transmitted over public networks.

  3. Establish a vulnerability management program, which includes frequently updating anti-virus software, anti-spyware software, and other anti-malware solutions in order to protect against malicious hackers.

  4. Restrict and control access to system information and operations. Cardholder data should not be provided unless it is required to effectively carry out a transaction, and each person who uses a computer in the system must be assigned a unique and confidential identification name or number. This includes protecting physical access to cardholder data as well as data submitted electronically.

  5. Constantly and consistently monitor and test networks to ensure that all security measures are in place and working effectively.

  6. Maintain a policy that addresses information security for all personnel.

PCI Compliance Levels

Level 1: Merchants processing over 6 million Visa transactions annually across all channels.

PCI requirements every year:

  • File a Report on Compliance (ROC) by a Qualified Security Assessor (QSA), or by an internal auditor if signed by an officer of the company.

  • Submit an Attestation of Compliance (AOC) form.

PCI requirements every quarter:

  • Conduct a quarterly network scan by an Approved Scan Vendor (ASV).

Level 2: Merchants processing 1 to 6 million Visa transactions annually across all channels.

PCI requirements every year:

  • Complete a Self-Assessment Questionnaire (SAQ).

  • Submit an Attestation of Compliance (AOC) form.

PCI requirements every quarter:

  • Conduct a quarterly network scan by an Approved Scan Vendor (ASV).

Level 3: Merchants processing 20,000 to 1 million Visa ecommerce transactions annually.

PCI requirements every year:

  • Complete a Self-Assessment Questionnaire (SAQ).

  • Submit an Attestation of Compliance (AOC) form.

PCI requirements every quarter:

  • Conduct a quarterly network scan by an Approved Scan Vendor (ASV).

Level 4: Merchants processing fewer than 20,000 Visa ecommerce transactions annually, and all other merchants processing up to 1 million Visa transactions annually.

PCI requirements every year:

  • Complete a Self-Assessment Questionnaire (SAQ).

  • Submit an Attestation of Compliance (AOC) form.

PCI requirements every quarter:

  • Conduct a quarterly network scan by an Approved Scan Vendor (ASV).

Goals for PCI Levels

There are different levels of certification:

  • Level 1 Service Provider or Level 1 Merchant certification requires an on-site assessment by a Qualified Security Assessor (QSA).

  • Level 2-4 Merchant certification can be attained by self-assessment via the Self-Assessment Questionnaire (SAQ).

A business can only self-certify by completing a Self-Assessment Questionnaire (SAQ) if it has:

  • Never suffered a data breach.

  • Used the services of a third-party payment processor that has attained Level 1 certification, such as PDCflow.

  • A processing level of fewer than 6 million Visa transactions a year.

Why Choose a Level 1 PCI Service Provider?

The PCI DSS standard is recognized as the security benchmark for payments, and Level 1 compliance is a clear indicator of a mature processor that can be safely used to process your payments.

PDCflow recertifies each year as a Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider. A detailed assessment is completed to ensure credit card data is stored, processed and transmitted in a secure and protected manner.

The comprehensive assessment for Level 1 certification includes document collection and analysis, vulnerability scanning and penetration testing, as well as regularly recurring scans throughout the year.

Along with the cost and time burden that accompanies becoming and staying PCI certified, PDCflow also understands the struggle of adjusting office procedures to the new reality of remote work.

Our Flow technology keeps your business and consumers safe no matter where your staff is processing credit card payments. Your employees never see, hear, or touch cardholder data while remaining on the phone to take orders or payments.

To learn more about your company’s PCI compliance responsibility, why it’s important, and how a Level 1 processor can help keep you and consumers safe, check out our PCI compliance guide for businesses.
About the author

Dawn Updike, Marketing Manager, PDCflow

Dawn Updike is a Marketing Manager at PDCflow. She has a background in Customer Success and has worked in the SaaS industry for over ten years.