Does your business require PCI compliance consulting services? Perhaps RCS can help!

What is PCI Compliance?

In short, PCI DSS is a set of regulations created by major payment card brands, such as Visa, MasterCard, American Express, Discover, and JCB. This scheme requires organizations to comply with 12 general data security requirements that every merchant needs to follow. There are also over 200 sub-requirements, but not all of them may be applicable to you. It depends on your business.

Who Needs PCI Compliance?

We’ve been getting a lot of questions lately about PCI compliance. If you’re new to PCI compliance, this is a good read. The PCI DSS applies to any merchant or service provider that handles, processes, stores or transmits credit card data.

Do towns, cities and school districts need to be PCI compliant?

The short answer is yes. If the entity processes credit cards, they need to be PCI compliant. The difference is in how they can become compliant. Expectations for a municipality are nowhere near those of a big box store or retailer like Walmart or Amazon. First, PCI compliance is divided into four levels, based on the number of Visa and/or Mastercard transactions that are processed per year. Level 4 (the lowest level at less than 20,000 e-commerce transactions per year) is generally where most municipalities will fall. Based on the PCI compliance level, different requirements must be met.

Which Services Do We Provide in PCI Compliance Consulting?

Race Computer Services provides PCI compliance consulting, which at its core consists of specifically itemized cybersecurity services related to protecting credit card data. The services that we provide for PCI requirements are listed below, and all are geared towards protecting cardholder data:

  1. Build and maintain a secure network: install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Encrypt transmission of cardholder data across open, public networks
  4. Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Implement Strong Access Control Measures
  8. Restrict access to cardholder data by business need to know
  9. Assign a unique ID to each person with computer access
  10. Restrict physical access to cardholder data
  11. Regularly Monitor and Test Networks
  12. Track and monitor all access to network resources and cardholder data
  13. Regularly test security systems and processes

Perhaps you would like to communicate with RCS further regarding PCI compliance requirements? Give us a call at (973)343-5479.