PCI Compliance in Chicago
Any organization or business that stores, processes or transmits cardholder data is required to be PCI compliant. This is true for small and large companies alike. Failure to comply can result in large fines and losing the ability to process credit and debit card payments.
Our security team specializes in helping SMBs and Mid-Markets understand and comply with the PCI Data Security Standard (DSS) regulations. We can help your organization reduce the risk of a security breach.
Equilibrium specializes in helping our clients either reduce or eliminate the significant expense of hiring a QSA (Qualified Security Advisor). We also bring a strategic mindset and approach to help you secure all of your network segments, systems and data appropriately. We believe that starting with a mindset of securing your organization as a whole will naturally enable compliance and reduce critical risk in other IT areas.
A QSA (Qualified Security Advisor) is a designation provided by the PCI Security Standards Council to individuals that passed certain training and are employees of an approved PCI security auditing firm. Your requirement to leverage an official QSA depends on the PCI "category" designated for your organization based on certain criteria.
A "merchant" is defined as an entity that accepts payment cards from any of the five members of the PCI Security Standards Council (Visa, MasterCard, American Express, Discover or JCB). The PCI SSC divides merchants into four levels, as shown in the table below.
PCI Merchant Levels
| Level | Annual Transaction Volume |
|---|---|
| Level 1 | Greater than 6 million transactions |
| Level 2 | Between 1 million and 6 million transactions |
| Level 3 | 20,000 to 1 million transactions |
| Level 4 | 20,000 or fewer transactions |
Typically only merchants in Level 1 leverage a QSA. In this group, the high transaction volume, risk and complexity of the environment typically justifies the expense.
Organizations within Level 2, Level 3 or Level 4 must complete an Annual Self Assessment. Those in Level 2 also require additional internal staff training.
Quarterly Vulnerability Scan
All levels of merchants require a quarterly vulnerability scan, which must be completed by an Approved Scanning Vendor (ASV). Equilibrium's security team are experts in executing and assessing the results of vulnerability scans, and we partner with ASVs to provide the required final sign-off. This gives our clients the complete package for PCI compliance management: you don't need to search for a separate security and compliance partner aside from Equilibrium.
Self-Assessment Questionnaire (SAQ)
Navigating the Self-Assessment Questionnaire (SAQ) alone, and simply finding where to start, can be daunting. You may be required to comply with anywhere from 13 to 288 security controls, depending on how you handle transactions and on your environment.
Equilibrium has helped many organizations highlight their control gaps and bring their credit card system within compliance in short order. We have also helped companies manage the process of outsourcing all credit card handling to greatly simplify their requirements. Our combined experience with compliance, IT governance, network architecture and security controls gives Equilibrium a major competitive advantage.
Data Security Standard v3.1 Changes
The PCI Security Standards Council released v3.1 of their Data Security Standard on April 15, 2015. Version 3.0 was retired on June 30, 2015. The new version included many minor changes, but most notably changes related to SSL encryption. Version 3.1 deprecates SSL 3.0 and requires the use of TLS 1.0 or above.
If your organization is using SSL 3.0 on your credit processing network, you are not compliant. If you fail on this control or any one of the other controls in the SAQ, you are not compliant. PCI takes a stringent "all-or-nothing" approach.
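As an added example (not code from Equilibrium or from the PCI SSC), the following Python checks captured TLS handshake records against this control: it reads the version field of a ClientHello or ServerHello and flags a server that negotiated SSL 3.0. The sample records are constructed inline by `build_hello` (an assumed helper, not a real capture); a TLS 1.3 session advertises 3.3 in this field and is not distinguished here.

```python
import struct

CONTENT_TYPE_HANDSHAKE = 22
HANDSHAKE_CLIENT_HELLO = 1
HANDSHAKE_SERVER_HELLO = 2
VERSION_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# PCI DSS v3.1 floor as stated on this page: SSL 3.0 is out, TLS 1.0 or above is required.
MIN_ACCEPTED = (3, 1)


def build_hello(hs_type, version):
    """Constructed sample Hello record (not a real capture): version, 32-byte random,
    empty session id, one cipher suite (TLS_RSA_WITH_AES_128_CBC_SHA), null compression."""
    body = bytes(version) + b"\x00" * 32 + b"\x00"
    body += b"\x00\x02\x00\x2f\x01\x00" if hs_type == HANDSHAKE_CLIENT_HELLO else b"\x00\x2f\x00"
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_TYPE_HANDSHAKE, *version]) + len(handshake).to_bytes(2, "big") + handshake


def parse_hello_version(record):
    """Return (handshake_type, hello_version) from the first record of a captured
    handshake, or None if the bytes are not a ClientHello/ServerHello record."""
    if len(record) < 11:
        return None
    content_type, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != CONTENT_TYPE_HANDSHAKE:
        return None
    body = record[5:5 + rec_len]
    if len(body) < 6 or body[0] not in (HANDSHAKE_CLIENT_HELLO, HANDSHAKE_SERVER_HELLO):
        return None
    # bytes 1-3 are the handshake length; bytes 4-5 carry client_version / server_version
    return body[0], (body[4], body[5])


def assess(record):
    """Classify one Hello record against the SSL 3.0 / TLS 1.0+ control.
    Caveat: TLS 1.3 puts 3.3 in this field and signals 1.3 in an extension not parsed here."""
    parsed = parse_hello_version(record)
    if parsed is None:
        return "ignored"
    hs_type, version = parsed
    name = VERSION_NAMES.get(version, "unknown %d.%d" % version)
    if hs_type == HANDSHAKE_SERVER_HELLO:
        # server_version is the version actually negotiated for the session
        verdict = "COMPLIANT" if version >= MIN_ACCEPTED else "NON-COMPLIANT"
        return f"{verdict}: server negotiated {name}"
    # client_version is only the highest version offered; an SSL 3.0 offer is a legacy
    # client that a compliant server must refuse, so flag it for follow-up
    return ("OK" if version >= MIN_ACCEPTED else "WARN") + f": client offered {name}"
```

Run `assess` over the first handshake record of each captured session; a single "NON-COMPLIANT" result is a failed control under the all-or-nothing rule above.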
Achieving PCI compliance is a point-in-time event. Adhering to the PCI Data Security Standard is a continuous process. Scans must be completed quarterly and the QSA is due annually. We will be there to support your organization and ensure you maintain PCI compliance.
You've worked hard to build your organization to where it is today. Don't wait another minute. Contact Equilibrium to get your PCI compliance questions answered.