PCI Compliance Overview

Looking for PCI compliance service providers? We're a Level 1 PCI-compliant partner providing payment solutions to companies worldwide.

E-Complish Simplifies PCI Compliance

The Payment Card Industry (PCI) Data Security Standard sounds like a dry subject. And it is – until a non-compliant business faces bank fines, penalties, investigations, lost sales or even lawsuits after a data breach. PCI Compliance helps to protect businesses and their customers from data theft and credit card fraud.

Inside the Causes of Payment Fraud Infographic

Payments fraud is a serious and growing problem. In the U.S., card fraud alone totaled $7.1 billion in 2014. And every dollar of fraud costs merchants a total of $3.08. We show the payment methods most susceptible to fraud, the key causes and some of the ways businesses can fight back.


E-Complish and PCI Compliance – Stop Spending, Start Saving and Reduce Liability

E-Complish is a Level 1 PCI Compliant payment partner who provides payment solution technology to companies all across the globe. From Text2Pay to MobilePay to DirectPay, E-Complish offers unique solutions to fit any business model – regardless of size or industry – taking the hassle out of PCI Compliance Rules and Regulations for your financial department while reducing costs and liability.

PCI Compliance Infographic


Control Costs

Depending on the size of the company, PCI Compliance can cost anywhere from tens of thousands to millions of dollars. The initial costs may seem high, but even the set-up fees don’t account for surprise charges that come along when your company must pay for additional adjustments to abide by these strict standards.

Save Time

Becoming PCI Compliant can take up to two full years, and the certification renewal process can take up to six months. While waiting those two full years, your company and your transactions are not PCI Compliant – leaving your customers vulnerable to security risks and your company vulnerable to fines levied by the card companies.

Free Up Your Resources

From installing new servers to setting up new divisions in your company, PCI Compliance takes hundreds of hours to implement and maintain. In addition, resources must be delegated to maintaining PCI Compliance security standards, decreasing bandwidth and reducing productivity.

Be Sure to Use a PCI Compliant Payment Processor

Not all payment processors are compliant to the levels that your company will need. Insist on seeing their Attestation of Compliance (AOC). The AOC document was specifically created by the PCI DSS Council to provide proof of a provider’s compliance and compliance level. To get an AOC, the payment processor must be assessed by a QSA (Qualified Security Assessor) to verify compliance. Only a QSA can sign off on a Service Provider’s AOC. Alternatively, you can verify their compliance by checking the lists of Compliant Service Providers on the Visa and MasterCard websites. Below is a sample of the rules set by Visa that Service Providers, like E-Complish, must maintain:

Visa Service Provider Levels of PCI Compliance

Service Provider Level and Description
  • Level 1: VisaNet processors or any service provider that stores, processes and/or transmits over 300,000 Visa transactions per year
  • Level 2: Any service provider that stores, processes and/or transmits less than 300,000 Visa transactions per year

In addition to adhering to the PCI DSS, compliance validation is required for all service providers.

Validation Action and Validated By, per Level

Level 1
  • Annual On-Site PCI Data Security Assessment, validated by a Qualified Security Assessor
  • Quarterly Network Scan, validated by an Approved Scanning Vendor

Level 2
  • Annual PCI Self-Assessment Questionnaire, validated by the Service Provider
  • Quarterly Network Scan, validated by an Approved Scanning Vendor

About PCI Compliance and You as a Merchant

The Payment Card Industry Data Security Standard, or PCI Compliance, is a set of regulations that governs all merchants who process credit and debit card transactions. The larger the merchant, the stricter the standards that govern them. Some companies attempt to adhere to these security standards on their own. This has huge drawbacks for resources, considering both the cost and the time it takes to become PCI compliant. Some decide to outsource the headache and cost to a PCI Compliant Service Provider like E-Complish. The chart below lists the rules associated with each merchant level. Your level will determine which level of PCI Compliance you must maintain:

Are you a Level 1 Merchant?

Any merchant — regardless of acceptance channel — processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

Level 1 Merchant Requirements:

The Annual On-Site PCI Data Security Assessment must be completed for Level 1 merchants according to the latest Navigating PCI DSS document. This document is also to be used as the template for the Report on Compliance.

Level 1 merchants should engage a Qualified Security Assessor to complete the Report on Compliance and provide the report to their merchant bank. Alternatively, merchant banks may elect to accept the Report on Compliance from a Level 1 merchant’s Internal Security Assessor, provided that a letter signed by a merchant officer accompanies the report. Level 1 merchants must also submit the latest PCI DSS AOC – Merchants form completed by their assessor to their merchant bank.

Merchant banks must submit the latest PCI DSS AOC – Merchants form and a letter accepting the merchant’s full compliance validation to Visa upon receipt and acceptance of the merchant’s validation documentation.

Are you a Level 2 Merchant?

Any merchant — regardless of acceptance channel — processing 1M to 6M Visa transactions per year.

Level 2 Merchant Requirements:

The PCI DSS Self-Assessment Questionnaire (“SAQ”) must be completed by Level 2 and 3 merchants.

Are you a Level 3 Merchant?

Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.

Level 3 Merchant Requirements:

The PCI DSS Self-Assessment Questionnaire (“SAQ”) must be completed by Level 2 and 3 merchants.

Are you a Level 4 Merchant?

Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants — regardless of acceptance channel — processing up to 1M Visa transactions per year.

Level 4 Merchant Requirements:

Level 4 merchants may be required to complete the applicable PCI DSS SAQ as specified by their merchant bank.

Make it easy and eliminate the headache of PCI Compliance. Visit our Solutions tab to learn which E-Complish solutions are right for your business, and install a PCI Compliant E-Complish payment processing solution today.