Skoda Minotti: CPAs, Business & Financial Advisors


The following is a brief summary of the Payment Card Industry Data Security Standard (PCI DSS) merchant levels, validation requirements and the twelve requirements of the standard, as described at www.pcicomplianceguide.org. If you have any questions related to the following information, please contact Robert Brenis at 440-449-6800.

The current Visa and MasterCard merchant levels, including the changes introduced with the move from PCI DSS 1.0 to PCI DSS 1.1, are as follows. Merchant levels are defined by the card brands rather than by the standard itself and are based on annual transaction volume counted per brand; a card brand or acquirer may also assign a merchant a higher level at its discretion.

  • Level 1: Merchants processing over 6 million Visa U.S.A. or MasterCard Worldwide transactions per year, regardless of acceptance channel, and any merchant that has suffered a data breach.
  • Level 2: Merchants processing 1 million to 6 million Visa or MasterCard transactions per year, regardless of acceptance channel. (The new definition expands Level 2 to include merchants who were formerly Level 4.)
  • Level 3: Merchants processing 20,000 to 1 million Visa or MasterCard e-commerce transactions per year. (The new definition expands Level 3 to include former Level 2 merchants who process fewer than 1 million e-commerce transactions per year.)
  • Level 4: Merchants processing fewer than 20,000 Visa or MasterCard e-commerce transactions per year, and all other merchants, regardless of acceptance channel, processing up to 1 million Visa or MasterCard transactions per year. (The new definition reduces the number of Level 4 merchants.)

The current Visa and MasterCard validation requirements are as follows:

  • Level 1: An annual onsite assessment, performed either by a Qualified Security Assessor (QSA) or by the merchant's internal audit function with the report signed by an officer of the company, plus a quarterly network security scan by an Approved Scanning Vendor (ASV).
  • Level 2: Completion of the PCI DSS Self-Assessment Questionnaire (SAQ) annually, plus a quarterly network security scan by an ASV.
  • Level 3: Completion of the PCI DSS Self-Assessment Questionnaire annually, plus a quarterly network security scan by an ASV.
  • Level 4: Completion of the PCI DSS Self-Assessment Questionnaire annually, plus a quarterly network security scan by an ASV. A summary of the merchant's PCI compliance plan must be submitted, via the acquirer, by July 30, 2007. If a breach is reported or discovered, Visa reserves the right to reclassify the Level 4 merchant as Level 1, in which case the merchant must meet the Level 1 validation requirements. (See Level 4 Merchant Compliance for more information.)

Payment Card Industry (PCI) Data Security Standard

The standard consists of twelve requirements, grouped into six control objectives:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software or programs

Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID to each person with computer access

Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security for employees and contractors