01 Oct, 2017
By admin

What is required to be PCI DSS compliant?

PCI DSS requirements apply if a Primary Account Number (PAN) is stored, processed or transmitted. If a PAN is not stored, processed or transmitted, PCI DSS requirements do not apply. Therefore, if your company stores or transfers the PAN, which is usually the 16-digit credit card number itself, in any way, even if it is only to transmit it directly to a real-time payment gateway, or perhaps restore it in some way, then your business must be certified as PCI DSS compliant in its own right.
The applicable PCI DSS criteria are as follows:
Level 1: Visa and MasterCard worldwide transactions totalling 6 million per year, and any merchants who have experienced a data breach.
Level 2: Visa and MasterCard transactions totalling 1 million to 6 million per year.
Level 3: Visa and MasterCard e-commerce transactions totalling 20 to 1 million per year.
Level 4: Visa and MasterCard e-commerce transactions totalling 1 to 20,000 per year.
