With the mission of protecting and securing credit card data, the PCI Security Standards Council has established specific compliance requirements for companies that process, transmit or store credit information. Companies are classified as either merchants or service providers (service providers are entities that perform a function such as processing a credit card transaction or providing backup tape storage of credit card data).
The quantity of credit card numbers handled on an annual basis determines the categorization level of merchants and service providers. For example, Level 1 merchants and Level 1 and 2 service providers are required to conduct annual, on-site assessments that can only be performed by a Qualified Security Assessor (QSA) such as Accudata Systems, Inc.
Merchants and service providers that handle lower numbers of credit cards are required to complete a PCI self-assessment questionnaire (an on-site QSA audit is not required). To assist with the compliance effort, many organizations seek the knowledge and experience of a QSA to help them prepare for an upcoming audit, assist with the completion of a self-assessment questionnaire, and obtain clarification on the required PCI Data Security Standard (DSS) controls. A table that defines PCI's four merchant levels, the required validation actions, who must perform the validation, and the date the validation is due can be found by visiting the Visa Web site.
Accudata Systems PCI Services
As an approved QSA with experienced PCI consultants, Accudata Systems is qualified to provide clients with the following professional services:
- Annual on-site PCI DSS assessments
- Pre-PCI audits and remediation services
- Assistance with the completion of the Self-Assessment Questionnaire
- Consultation on payment processes and architectural design
Accudata Systems PCI Process Flow
While varying in scope and duration, all Accudata Systems PCI compliance engagements utilize a comprehensive process (see Figure 1 below) designed to identify and remedy the weaknesses of your environment. As a certified QSA with more than 25 years of IT experience and partnerships with the most respected security and infrastructure companies in the industry, Accudata Systems is uniquely positioned with the knowledge, experience and resources required to help you comply with the PCI Data Security Standard.

Figure 1. Accudata Systems PCI Process Flow
Penalties
Noncompliance with the PCI Data Security Standard can result in fines and higher processing fees. Firms found to be storing extremely sensitive credit card data (e.g., PINs, full magnetic stripe track data, or card verification value (CVV2) data) can be subjected to monthly fines of $10,000. For example, in 2006 Visa indicated that it levied $4.6 million in fines versus only $3.4 million in 2005. Accudata Systems consultants have seen fines ranging from nominal to $500,000 for the improper handling of credit card track data.
According to Visa's Merchant PCI DSS Compliance Update (summarized in the table below), as of 8/31/2007 only 38-54% of Level 1, Level 2, and Level 3 merchants had been validated as being in compliance with the PCI Data Security Standard.
Visa U.S.A. Cardholder Information Security Program (CISP) PCI DSS Compliance Validation Update as of 8/31/2007

| CISP Validation Category (Visa transactions / year) | PCI DSS Compliance Validated |
|---|---|
| Level 1 Merchants | 44% |
| Level 2 Merchants | 38% |
| Level 3 Merchants (e-commerce only, 20,000 - 1M) | 54% |
Achieving Compliance
The most commonly experienced roadblocks to PCI compliance center around the following four topics:
- Data encryption
- Access management
- Application security
- Logging
According to a Gartner study quoted in the 10/2/07 edition of the Wall Street Journal, the cost of achieving compliance can be significant. The table below shows the average amounts that merchants budget and spend on new technology to comply with PCI requirements (does not include costs ).
| Merchant Level | Average Technology Investment |
|---|---|
| Level 1 Merchant | $568,000 |
| Level 2 Merchant | $267,000 |
| Level 3 / 4 Merchant | $81,000 |
Given the roadblocks, technology expenses, potential fines and maze of requirements facing merchants and service providers, it is both cost effective and expedient to consult with an experienced QSA at the beginning of the process to maximize your investment and protect your PCI data. Additional information can be obtained by visiting the Whitepapers section of our Web site and downloading, “PCI Data Security Standard – The Risk Mitigation Strategies of the 12 Commandments.”
Contact Accudata Systems
To find out more about our PCI Compliance services, please contact Accudata Systems at 800-246-4908.