PCI Compliance in Chicago

Any organization or business that stores, processes or transmits cardholder data is required to be PCI compliant. This is true for small and large companies alike. Failure to comply can result in large fines and losing the ability to process credit and debit card payments.

Our security team specializes in helping SMBs and Mid-Markets understand and comply with the PCI Data Security Standard (DSS) regulations. We can help your organization reduce the risk of a security breach.

PCI Compliance | Security | Chicago IT | Equilibrium | EQInc.com

Equilibrium specializes in helping our clients either reduce or eliminate the significant expense of hiring a QSA (Qualified Security Assessor). We also bring a strategic mindset and approach to help you secure all of your network segments, systems and data appropriately. We believe that starting with a mindset of securing your organization as a whole will naturally enable compliance and reduce critical risk in other IT areas.

A QSA (Qualified Security Assessor) is a designation granted by the PCI Security Standards Council to individuals who have passed certain training and are employees of an approved PCI security auditing firm. Whether you are required to engage an official QSA depends on the PCI "category" designated for your organization based on certain criteria.

A "merchant" is defined as an entity that accepts payment cards from any of the five members of the PCI Security Standards Council (Visa, MasterCard, American Express, Discover or JCB). The PCI SSC divides merchants into one of four levels, shown in the table below.

PCI Merchant Levels

Level 1: more than 6 million transactions annually
Level 2: between 1 million and 6 million transactions annually
Level 3: 20,000 to 1 million transactions annually
Level 4: 20,000 or fewer transactions annually

Typically only Level 1 merchants engage a QSA; for this group, the high transaction volume, risk and complexity of the environment typically justify the expense.

Organizations in Level 2, Level 3 or Level 4 must complete an annual Self-Assessment. Those in Level 2 also require additional internal staff training.

Quarterly Vulnerability Scan

Merchants at all levels require a quarterly vulnerability scan, which must be completed by an Approved Scanning Vendor (ASV). Equilibrium's security team are experts in executing vulnerability scans and assessing their results, and we partner with ASVs to provide the required final authority. This gives our clients the complete package for PCI compliance management: you don't need to search for a separate security and compliance partner aside from Equilibrium.

Self-Assessment Questionnaire (SAQ)

Navigating the Self-Assessment Questionnaire (SAQ) alone, and simply finding where to start, can be daunting. You may be required to comply with anywhere from 13 to 288 security controls, depending on how you handle transactions and on your environment.

Equilibrium has helped many organizations highlight their control gaps and bring their credit card system within compliance in short order. We have also helped companies manage the process of outsourcing all credit card handling to greatly simplify their requirements. Our combined experience with compliance, IT governance, network architecture and security controls gives Equilibrium a major competitive advantage.

Data Security Standard v3.1 Changes

The PCI Security Standards Council released v3.1 of its Data Security Standard on April 15, 2015, and version 3.0 was retired on June 30, 2015. The new version included many minor changes, most notably those related to SSL encryption: version 3.1 deprecates SSL 3.0 and requires the use of TLS 1.0 or above.

If your organization is using SSL 3.0 on your credit card processing network, you are not compliant. If you fail on this control, or on any one of the other controls in the SAQ, you are not compliant: PCI takes a stringent "all-or-nothing" approach.
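As an added example (not from the original page or Equilibrium's own tooling), the Python script below audits nginx-style ssl_protocols directives against the v3.1 floor the page states, flagging any directive that still offers SSL 3.0 (or SSL 2.0, or an unrecognised protocol name). nginx as the config format and the two sample server blocks are assumptions, and the hardened sample goes beyond the stated floor by allowing only TLS 1.2 and 1.3.

```python
import re

# Assumed config format: nginx-style "ssl_protocols" directives (the page names no web server).
# The floor is the page's v3.1 rule: SSL 3.0 is out, TLS 1.0 or above is required.
PROTOCOL_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}
V31_FLOOR = "TLSv1"
# Matches "ssl_protocols A B C;" with an optional trailing "# comment"; commented-out lines do not match.
SSL_PROTOCOLS_RE = re.compile(r"^\s*ssl_protocols\s+([^;#]+);")

def parse_ssl_protocols(config_text):
    """Yield (line_number, [protocol names]) for each active ssl_protocols directive."""
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = SSL_PROTOCOLS_RE.match(line)
        if match:
            yield line_no, match.group(1).split()

def disallowed_protocols(protocols, floor=V31_FLOOR):
    """Names ranked below the floor; unknown names are included, since an
    unrecognised token cannot be shown to meet the requirement."""
    floor_rank = PROTOCOL_RANK[floor]
    return [p for p in protocols if PROTOCOL_RANK.get(p, -1) < floor_rank]

def audit_config(config_text):
    """Return [(line_number, [disallowed names])]; an empty list means every
    ssl_protocols directive in the text meets the v3.1 floor."""
    findings = []
    for line_no, protocols in parse_ssl_protocols(config_text):
        bad = disallowed_protocols(protocols)
        if bad:
            findings.append((line_no, bad))
    return findings

# Constructed samples: the first still offers SSL 3.0, the second does not.
WEAK_CONFIG = """\
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # kept for legacy clients
    # ssl_protocols TLSv1.2;  (commented out, so ignored by the audit)
}
"""
HARDENED_CONFIG = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(text) or "meets the v3.1 floor")
```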

Retaining Compliance

Achieving PCI compliance is a point-in-time event; adhering to the PCI Data Security Standard is a continuous process. Scans must be completed quarterly and the QSA assessment is due annually. We will be there to support your organization and ensure you maintain PCI compliance.

You've worked hard to build your organization to where it is today. Don't wait another minute. Contact Equilibrium to get your PCI compliance questions answered.

Questions?  Call us today in Chicago at 773-205-0200 | Email us at  | Request a FREE Consultation
