PCI-DSS v2.0


Welcome to PCI Compliance 101

The PCI (Payment Card Industry) compliance standard applies to all organizations or merchants that accept, store, process or transmit payment cardholder data. If any customer of an organization pays the merchant directly using a credit card or debit card, then the PCI DSS compliance requirements apply.

Is Your Institution PCI-DSS 3.2 Compliant for 2018?

The big changes in PCI DSS 3.2 involve safeguarding payment data and migrating away from Secure Sockets Layer and early Transport Layer Security (SSL/early TLS). Updating these security controls is required by July 1, 2018. Specific PCI DSS v3.2 requirements include:

MFA for non-console administrative access to the CDE (8.3.1) - February 1, 2018 deadline

Change management processes to confirm requirements in place after significant changes (6.4.6) - February 1, 2018 deadline

Additional requirements for service providers - February 1, 2018 deadline

SSL/TLS migration - July 1, 2018 deadline
   Only secure versions of the protocol may be used as a security control
   Allowance for POS POI terminals confirmed not to be vulnerable
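As an added self-check (example code written for this page, not from the original or from any PCI SSC tool), the Python script below reports which protocol versions one of your own servers still accepts and builds the server-side context for the migrated state. The host and port arguments, and the version policy it encodes (SSLv3 and TLS 1.0 prohibited, TLS 1.2 as the floor), are assumptions drawn from the PCI SSC SSL/early TLS migration guidance rather than from this page.

```python
import socket
import ssl
import sys

# Policy (assumption from PCI SSC SSL/early-TLS migration guidance): SSLv3 and
# TLS 1.0 may not serve as a security control; TLS 1.2 is the recommended floor.
PROHIBITED = ("SSLv3", "TLSv1")
VERSIONS = PROHIBITED + ("TLSv1_1", "TLSv1_2", "TLSv1_3")

def probe_tls_versions(host, port=443, timeout=5.0):
    """One handshake per protocol version. True = server accepted it,
    False = server refused it, None = our local TLS library cannot try it."""
    results = {}
    for name in VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # we test protocol support,
        ctx.verify_mode = ssl.CERT_NONE  # not certificate validity
        try:
            # Pin the client to exactly this version, and drop the local
            # security level so old versions are not refused on our side.
            ctx.minimum_version = ctx.maximum_version = getattr(ssl.TLSVersion, name)
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        except (ValueError, ssl.SSLError):
            results[name] = None
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    results[name] = True
        except (ssl.SSLError, OSError):
            results[name] = False
    return results

def noncompliant_versions(results):
    """Prohibited versions the server actually accepted."""
    return [v for v in PROHIBITED if results.get(v) is True]

def pci_server_context():
    """Server-side context for the migrated state: TLS 1.2 is the floor.
    Call ctx.load_cert_chain(cert, key) on the result before serving."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    res = probe_tls_versions(host, int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    for name, ok in res.items():
        print(f"{name:8s}", {True: "ACCEPTED", False: "refused", None: "untestable"}[ok])
    print("prohibited versions accepted:", noncompliant_versions(res) or "none")
```

Run it as `python probe.py payments.example.test 443` against a server you operate; an "ACCEPTED" line for SSLv3 or TLSv1 is the finding an ASV scan would also raise.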

All merchants that electronically store payment cardholder data post-authorization, or that have external-facing IP addresses with Internet connectivity, must submit to and complete a network vulnerability scan every 3 months by a PCI SSC Approved Scanning Vendor (ASV).

All merchants that store, process or transmit payment cardholder data fall into one of four levels based on aggregate Visa transaction volume over a 12-month period.

PCI Merchant Level 1:
Any merchant processing over 6,000,000 Visa transactions per year.

PCI Merchant Level 2:
Any merchant processing between 1,000,000 and 6,000,000 Visa transactions per year.

PCI Merchant Level 3:
Any merchant processing between 20,000 and 1,000,000 Visa transactions per year.

PCI Merchant Level 4:
Any merchant processing fewer than 20,000 Visa transactions per year.