PCI-DSS Certification

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all businesses accepting, processing, storing or transmitting credit card information maintain a safe environment.

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006, to manage the ongoing evolution of the security standards of Payment Card Industry (PCI) with a focus on improving the security of payment account throughout the transaction. PCI DSS is managed and administered by the PCI SSC. An independent body made by major card brands(Visa, Mastercard, American Express, Discover and JCB).Payment brands and acquirers have to make sure that they have complied with PCI DSS, not the PCI council.

Who needs PCI-DSS Certification?

Any Business dealing in storing and sorting card details(credit, debit, atm, gift card, prepaid card) irrespective of its size, the number of employees and number of the transaction need to have PCI DSS.

Merchant level is defined by VISA:

Merchant level 1: Each merchant — irrespective of the channel of acceptance — processes more than 6 M Visa transactions per year. Any merchant that Visa decides will meet the Level 1 merchant criteria at its absolute discretion, in order to reduce risk to the Visa program.

Merchant level 2: Each merchant — irrespective of the channel of acceptance — processes 1 M to 6 M Visa transactions each year.

Merchant level 3: Any merchant processing e-commerce transactions of 20,000 to 1 M Visa per annum.

Merchant level 4: Any merchant processing less than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to 1 M Visa transactions per year, irrespective of the channel of acceptance.

Process of getting PCI-DSS

It is a systematic step-wise process to get a PCI DSS for your business.

A. Assessment of Business Level- Your first job is to analyze where you are right now. For different businesses, there are different security standards based on how you handle customer transactions, how you handle data, what credit card companies and banks you work with, and how much volume you handle. Various companies have different standards here, such as MasterCard's and Visa's, which describe four and five corporate Levels, respectively. Analyze where you are coming from and how your business is described in the general standards of PCI, so you are ready for the next steps.

B. Self-Assessment Questionnaire- The self-assessment questionnaire (SAQ) is a relatively painless guide that can be used to assess your current level of compliance. Actually, there are nine different versions of the SAQ guide, but don't let that scare you. These versions are available for different types of business, so you'll need only a book that applies to your business. When you have it, the guide is going to walk you About a dozen different requirements, and for each of them, you'll answer "yes," "no," or "N / A." This will help you identify the missing parts of your company's payment security.

C. Changes if any- after the self - assessment questionnaire (SAQ) is filled if any shortcomings on compliance it needs to be corrected after necessary correction  SAQ is filled again.

D. Formal Attestation of compliance - Once you are done with SAQ you need to file formal Attestation of compliance. This is a legal formality which states that your business is fully compliant with PCI Standards.

E. Audit- Once you are done with AOC you can have the process audit and have a report made on your process only to file paperwork and get a PCI DSS.

F. Filing- Paperwork is filed with your credit card/debit card/ bank you will need to submit your SAQ and AOC along with it once filed you will be PCI DSS within few days.

Benefits of PCI-DSS Certification

➲ Boost customer faith while making the transaction

➲ Protects customer/merchants form hefty fines

➲ PCI certification and seal will build more customer

➲ Helps in defending a lawsuit in verse of a data breach

➲ Helps in maintaining worldwide industry standard

Documents Required for PCI-DSS Certification

Report on Compliance (ROC) – All Level 1 merchants undergoing a PCI DSS audit must fill in this form. A Level 1 dealer is one who handles more than 6 million transactions a year. The Report on compliance shall be used to check that the audited merchant complies with the PCI DSS requirements.

Self Assessment Questionnaire (SAQ) – The PCI DSS self-assessment questionnaire (SAQ) is a testing tool to help retailers and service providers self-assess their compliance. Every year, merchants have to complete the questionnaire and send it to their bank for the transaction.

The 12 PCI DSS requirements – Merchants to meet the PCI DSS specifications range from installing and maintaining a firewall, protecting stored cardholder data, designing and maintaining stable systems, and restricting cardholder access. Each of the 12 criteria calls for written documentation to demonstrate how they meet the requirements.

An Audit Trail – Merchants should document as much as they can about their processes and procedures, their network, their configuration, and their approach – to create and maintain an audit trail to refer to should a data breach take place.     

 

Timeline & Costs Involved

How much time does it take?

It usually takes around 2 weeks' time to get PCI DSS and still it depends upon your SAQ and AOC that how much it will take to get PCI DSS.

Cost of getting PCI DSS Certification

➲ PCI vendor consulting from PCI certification vendor.

➲  Quarterly scans

➲  Yearly Audits

➲  Compliance Consultant Professional Fees may be included or excluded In the package as per agreement from the Consultant/Professional.

Stages to obtain PCI-DSS Certification

Stage 1

SPEAK WITH OUR TEAM

We are just a call or message away!

Call or WhatsApp us on +91-99991-39391 to free consultation about this service with our team of professional. You can also email us on reach@corpzo.com.

Stage 2

FILING OF THE APPLICATION

Precision is our speciality!

Upon completion of the documentation we waste no time in preparation and filing of your application. Once filed we will share the acknowledgement with you.

Stage 3

DEDICATED PROFESSIONAL

We understand your business needs!

We align a professional to ensure you have you to discuss in detail the compliance requirements of your business and through assistance throughout the process.

Stage 4

SHARE YOUR DOCUMENTS

Accuracy ensures timelines!

Our team warrants hassle free documentation. We collect the necessary documents and share the relevant drafts to ensure a timely filing and delivery.

Stage 5

SYSTEMATIC INFORMATION

Keeping you informed is our responsibility!

We thrive to keep you apprised about the status of your application until its completion. Every development on your application is brought to your attention.

Stage 6

SUCCESSFUL COMPLETION

We deliver what we commit!

Email Us At

reach@corpzo.com

Call Us

+91 9999 139 391