What are Compliance Levels in PCI-DSS?

InfosecTrain

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS) is a common set of security standards developed by American Express, Discover Financial Services, JCB International, MasterCard, and Visa in 2004. The PCI Security Standards Council (PCI-SSC) manages the compliance scheme, which aims to protect debit and credit card transactions from fraud and data theft.


What is Compliance?

Compliance means adhering to a set of rules, which may be policies, procedures, standards, or even laws. Every business and organization, wherever it operates, must follow the rules and regulations that apply to it. While running a business, you must ensure that every employee follows the rules and regulations of the relevant supervisory authorities.

PCI-DSS Compliance Levels

Organizations are classified into four PCI compliance levels based on the number of credit or debit card transactions they process per year. The level an organization falls into determines what it must do to remain compliant.

Level 1

Vendors who process more than six million real-world credit or debit card transactions per year fall under level 1. They must have an audit performed once a year by an authorized PCI auditor. In addition, they must submit a PCI scan performed by an Approved Scanning Vendor (ASV) once every quarter.

Level 2

This level applies to vendors who perform between one and six million real-world credit or debit card transactions per year. Once a year, they must complete an assessment using a Self-Assessment Questionnaire (SAQ). A PCI scan may also be required quarterly.

Level 3

Level 3 vendors handle between 20,000 and one million e-commerce transactions per year. They are required to perform an annual evaluation using the appropriate SAQ, and a PCI scan may be required on a quarterly basis.

Level 4

Vendors who perform fewer than 20,000 e-commerce transactions per year, or up to one million real-world transactions, fall under level 4. A yearly assessment using the relevant SAQ is required, as is a quarterly PCI scan.

PCI-DSS Compliance Requirements

The PCI SSC has established 12 requirements for handling credit card information and maintaining a secure network, which are as follows:

PCI-DSS with InfosecTrain

InfosecTrain's PCI-DSS training course provides in-depth knowledge of managing the risks associated with payment card transactions. The course explains the core essentials of the entire PCI-DSS family of standards, along with the 12 essential requirements and their controls.
