PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS, often shortened to PCI) is a minimum set of security requirements designed so that every company that accepts card payments protects cardholder data. The PCI Security Standards Council, formed by the card brands, maintains the standard; the card brands, and through them the banks and acquirers, enforce it.
Why is PCI important?
By adhering to the standard, businesses reduce their exposure to security breaches, safeguard customer data, and protect the integrity of electronic payments.
Who does PCI apply to?
Every merchant that accepts credit or debit cards as a method of payment is required to comply with the PCI DSS. How you validate that compliance depends on your merchant level. Merchant levels are defined by the card brands and are based on your transaction volume: the number of card transactions you process per year, not their dollar amounts.
Transaction volume determines PCI merchant level

| Transaction volume (per year) | Merchant level |
|---|---|
| More than 6 million card transactions, all channels | 1 |
| Between 1 million and 6 million card transactions, all channels | 2 |
| Between 20,000 and 1 million e-commerce card transactions only | 3 |
| Fewer than 20,000 e-commerce card transactions, and fewer than 1 million card transactions overall | 4 |
Level 1 and 2 merchants
Bank of America's Merchant PCI Level 1 and Level 2 program assigns you a PCI Analyst. The PCI Analyst receives your annual PCI validation documentation (such as the Attestation of Compliance) and reviews it to confirm that your PCI compliance status is properly validated.
The PCI Analyst also acts as a resource for the merchant throughout the year for PCI clarifications and questions, program updates, newly announced PCI DSS version changes, and so on. This resource is provided at no additional cost. The analyst contacts merchants ahead of their annual due dates and coordinates routine check-ins so both parties stay apprised of status.
Level 3 and 4 merchants
Bank of America simplifies the self-assessment process by providing the tools you need to achieve, maintain and validate your PCI compliance.
Log in to PCI Assist to complete your self-assessment. After you enter some basic information about your environment, you are presented with a series of questions that:
- Direct you to the proper Self-Assessment Questionnaire (SAQ) for how you accept and process cards.
- Limit the number of questions you need to answer. Example: if you indicate that you do not have Wi-Fi, the portal pre-answers all of the Wi-Fi related questions for you.
- Present the questions in non-technical language where possible, with clear help text, examples and suggestions.
- Allow you to stop at any point and return later without losing any of your answers.
- Offer help by chat, email or call center during normal business hours; agents can explain the requirements and help you navigate the portal.
- Provide tools such as external vulnerability scanning (required only by certain SAQs, typically those covering internet-facing systems) and downloadable security policy templates.
You do not need to print your SAQ or network scan results and send them to the bank; the portal records your compliance status for you.