Posted by admin on Sep 18, 2009


Does every company have to comply with PCI DSS security regulations which protect cardholder information?

You bet they do.

Any merchant or payment provider that stores, processes, or transmits cardholder data must be PCI DSS compliant, regardless of how big or small the company is or the number or volume of payments processed. No payment or cardholder information may be retained by merchants unless strict compliance is achieved and maintained.

But wait, there’s more.

PCI security requirements apply to more than cardholder information in digital form. Companies must also dispose of printed material that contains payment or cardholder information, and the disposal must be done responsibly, which includes completely shredding the documents.

Entities that handle payment card transactions are categorized into four distinct levels. The level determines the validation processes that must be performed and maintained to ensure compliance.

  • Level 1: Merchants with more than 6 million card transactions. Merchants that have had cardholder data compromised, regardless of the merchant's size, are also included in Level 1.
  • Level 2: Merchants with between 1 million and 6 million card transactions
  • Level 3: Merchants with between 20,000 and 1 million card transactions
  • Level 4: All other merchants

The PCI DSS security requirements are grouped into six categories.

  1. Build and Maintain a Secure Network
  2. Protect Cardholder Data
  3. Maintain a Vulnerability Management Program
  4. Implement Strong Access Control Measures
  5. Regularly Monitor and Test Networks
  6. Maintain an Information Security Policy

For more information, contact