Welcome to PCI Compliance 101
The PCI (Payment Card Industry) compliance standard applies to all organizations or merchants that accept, store, process or transmit payment cardholder data. If any customer of an organization pays the merchant directly using a credit card or debit card, then PCI DSS compliance regulations apply.
Are You PCI-DSS 3.2 Compliant for 2019?
The big changes for PCI DSS 3.2 involve safeguarding payment data and secure sockets layer/early transport layer security (SSL/early TLS). Updating these security controls is required by July 1, 2019. Specific PCI DSS v3.2 requirements include:
MFA for non-console administrative access to the CDE (8.3.1) - February 1, 2019 deadline
Change management processes to confirm requirements in place after changes (6.4.6) - February 1, 2019 deadline
Additional requirements for service providers - February 1, 2019 deadline
SSL/TLS migration - Deadline: July 1, 2019
All merchants that electronically store payment cardholder data post-authorization or have external-facing IP addresses with Internet connectivity must submit to a network vulnerability scan every 3 months, completed by a PCI SSC Approved Scanning Vendor (ASV).
All merchants that store, process or transmit payment cardholder data fall into one of four levels based on aggregate Visa transaction volume over a 12-month period.
PCI Merchant Level 1:
Any merchant processing over 6,000,000 Visa transactions per year.
PCI Merchant Level 2:
Any merchant processing between 1,000,000 and 6,000,000 Visa transactions per year.
PCI Merchant Level 3:
Any merchant processing between 20,000 and 1,000,000 Visa transactions per year.
PCI Merchant Level 4:
Any merchant processing fewer than 20,000 Visa transactions per year.