PCI Compliance Checklist and Guide

A PCI compliance checklist is a must for any business that processes credit cards. If your business accepts payment cards from MasterCard, Visa, American Express, Discover, or JCB, you are required to be PCI compliant as determined by your transaction volume.

The Payment Card Industry Data Security Standard (PCI DSS), more commonly known as PCI compliance, is important because it establishes a list of requirements that help business owners protect sensitive cardholder information. PCI standards protect your customers from security breaches and go a long way towards preventing identity theft.

A PCI Compliance Checklist Ensures:

The secure storage of credit card data on-site, both virtually and physically. This standard applies only to companies that store credit card data.

Secure transmission of credit card data across public networks. Data is vulnerable while it is in transit, and passwords, PINs, and other controls help keep cardholder information safe.

PCI Compliance Checklist to Protect Cardholder Data

  • Install and maintain a firewall, which is a network security system that uses a pre-established set of rules to monitor and control traffic going to and coming from a network.
  • Protect stored cardholder data
  • Maintain updated anti-virus software
  • Encrypt transmission of cardholder data across public networks
  • Change vendor-supplied system passwords and other security parameters, and update them regularly
  • Ensure you are maintaining the security of your systems
  • Regularly test security systems
  • Restrict virtual and physical access to cardholder data
  • Assign a unique ID to each person with computer access
  • Track and monitor all access to network resources and cardholder data
  • Train your staff in how to help maintain effective security of customer data

Compliance Levels and Requirements

The first step in a PCI compliance checklist is to figure out which level of compliance your business falls under. Compliance reporting requirements are not the same for everyone; they differ based on your processing volume.

While each of the five credit card brands listed above has its own data security programs that require merchants to safeguard credit card processing data, here is an overview of merchant levels to determine how to stay PCI compliant.

MERCHANT LEVEL 1

Whom It Applies To:

  • Businesses that process over 6 million transactions per year
  • Any merchant that has had a data breach or attack that resulted in an account data compromise
  • Any merchant identified by any card association as Level 1

Level 1 PCI Requirements:

  • Annual Report on Compliance by a Qualified Security Assessor — also known as a Level 1 onsite assessment — or internal auditor if signed by an officer of the company
  • Quarterly network scan by approved scan vendor
  • Attestation of Compliance form

MERCHANT LEVEL 2

Whom It Applies To:

Businesses that process 1 million to 6 million transactions per year.

Level 2 PCI Requirements:

  • Complete the PCI DSS Self-Assessment Questionnaire according to the instructions it contains
  • Complete and obtain evidence of a passing vulnerability scan with a PCI SSC Approved Scanning Vendor
  • Complete the relevant Attestation of Compliance in its entirety
  • Submit the SAQ, evidence of a passing scan and the Attestation of Compliance, along with any other requested documentation, to your acquirer

MERCHANT LEVEL 3

Whom It Applies To:

Businesses that process between 20,000 and 1M e-commerce transactions per year.

Level 3 PCI Requirements:

  • Complete the PCI DSS Self-Assessment Questionnaire according to the instructions it contains
  • Complete and obtain evidence of a passing vulnerability scan with a PCI SSC Approved Scanning Vendor
  • Complete the relevant Attestation of Compliance in its entirety
  • Submit the SAQ, evidence of a passing scan, and the Attestation of Compliance, along with any other requested documentation, to your acquirer

MERCHANT LEVEL 4

Whom It Applies To:

Businesses that process 20,000 e-commerce transactions or fewer per year, and all other sellers that process up to 1M transactions per year.

PCI Requirements:

  • Complete the PCI DSS Self-Assessment Questionnaire according to the instructions it contains
  • Complete and obtain evidence of a passing vulnerability scan with a PCI SSC Approved Scanning Vendor
  • Complete the relevant Attestation of Compliance in its entirety
  • Submit the SAQ, evidence of a passing scan, and the Attestation of Compliance, along with any other requested documentation, to your acquirer

Why PCI Compliance Matters and What It Costs

While PCI compliance is not enforced legally, there are consequences for business owners who do not maintain PCI standards, including data breaches, fines, card replacement costs, costly forensic audits, and investigations into your business, not to mention losing the trust of your customers.

Monthly PCI compliance fees typically range from $4.99 to $19.99. PCI non-compliance fees — for businesses that fail to maintain proper security standards and procedures as outlined by their credit card processor — are about $20 per month.

PCI compliance fees are levied by credit card processors and can be accompanied by some benefits for the business owner paying them. Reputable processors provide support and guidance to business owners on how they can remain PCI compliant. Others, unfortunately, will simply charge the fee without providing much value. Doing a little bit of legwork can ensure that you are getting your money's worth for the PCI compliance fees you are paying.

PCI Compliance Myths

As you go through your PCI checklist, be mindful that there are a number of myths and misconceptions about this relatively poorly understood area of credit card processing.

Myth #1: PCI compliance is only necessary if you are a big business.

While the different merchant levels seem to imply that PCI compliance is geared only towards large businesses with millions of annual transactions, the safety and security of customer data is perhaps even more critical for small businesses.

Myth #2: Breach protection insurance fees protect against data breaches, even if you're non-compliant.

Myth #3: PCI compliance only applies to businesses that store credit card information.

Myth #4: The PCI data security standard is open to interpretation.

How Sekure Can Help with PCI Compliance

A PCI compliance checklist involves many steps. As you’re working your way to being PCI compliant, remember the person whom your efforts will impact the most: your customer. The number one reason to achieve PCI compliance is to earn your customers’ trust so they know you are keeping their personal information safe and secure.

Learn More

Sekure helps you protect customer data and meet PCI compliance standards with our partner, North American Bancard (NAB), a company that has been safeguarding sensitive cardholder data for more than 25 years. To learn more about achieving PCI compliance, contact us today.

Jennifer Mullen
Jenn is Sekure's Content Marketing Manager, and a passionate advocate for small business owners. In her spare time, she has deep conversations with her cats Chairman Meow and Oscar Wilde. Her dog Loki comforts her when she loses at board games played with her husband, son, and daughter.
