| PCI scanning surely sounds technical and this term | | | | - Level 4: with fewer than 150,000 transactions. |
| might be alien to most people but it might grab their | | | | Who does the PCI scanning? A PCI scanning vendor, |
| attention when I tell them how extraordinary this works | | | | also known as an approved scanning vendor provides |
| to protect merchants, online shoppers and credit card | | | | the service of helping merchants become PCI |
| companies. | | | | complaint by conforming to the standards set by the |
| Payment Card Industry Security Standards Council | | | | PCI council. Part of the compliance is reporting |
| (PCI SSC) established a set of universal security | | | | requirements held by the PCI council, which includes a |
| standards in the aim of helping online merchants who | | | | self assessment questionnaire and quarterly scan. The |
| transmit and process credit card payments to avoid | | | | actual PCI scan happens when the approved scanning |
| credit card fraud and identity theft. PCI Security | | | | vendors goes through the firewalls or external routers |
| Standards Council was founded by 5 major credit | | | | to search for threats or vulnerabilities. The scanning |
| card companies: Visa, Master Card, American | | | | ensures that all IP addresses that enter the merchant's |
| Express, Discover and JCB; and back then they have | | | | website are clean and virus free. |
| their own set of data security standards. These set of | | | | As a whole, being a PCI complaint is an investment |
| standards make sure that the software which | | | | that will benefit the buyer, seller and the credit card |
| processes credit card payments, are using the proper | | | | company. Safe and secure processing of transactions |
| security specifications, to protect the consumers from | | | | means that the website will less likely be hacked and |
| all kinds of threat and vulnerabilities. | | | | intruded by viruses. When the buyer sees that a |
| To become a PCI complaint, you must first comply | | | | website is PCI secured, they will have the assurance |
| with the PCI Security Standards. There are 12 | | | | that sensitive information will be safe from being |
| standards which are grouped into 6 categories: Build | | | | exposed to strangers. Thus, creating a good public |
| and Maintain a Secure Network, Protect Cardholder | | | | perception is key to increased conversion and sales. |
| Data, Maintain a Vulnerability Management Program, | | | | Credit card companies will also have fewer |
| Implement Strong Access Control Measures, Regularly | | | | headaches because there will be less incidents of |
| Monitor and Test Networks and Maintain an | | | | fraud and identity theft. |
| Information Security Policy. | | | | Most people today are cutting their costs to save |
| Further more, merchants who become a PCI | | | | more, which is why it's important to be wise in |
| complaint, are grouped into 4 categories which depend | | | | choosing a PCI provider that can keep down |
| on the number of processed transaction per year: | | | | sky-rocketing costs. PCI scanning requirements can be |
| - Level 1: over 6 million transactions; | | | | very confusing too, so better go with a PCI scanning |
| - Level 2: between 6 million to 150,000 transactions; | | | | vendor who is transparent and make things easier to |
| - Level 3: between 150,000 to 20,000 transactions; | | | | understand. |