The PCI compliance Self-Assessment Questionnaire needs to be completed by merchants every 12 months, and is the most comprehensive way to check whether your business is PCI compliant.
It's likely that in recent months you've heard of a business suffering a breach of its customers' payment card data. It happens so often now that we hear about it, and then forget about the event just as quickly.
A 2015 study by Javelin Strategy & Research found that US$16 billion was stolen from 12.7 million consumers in 2014 in the United States alone, that's 1 in 100 people. There was a new identity fraud victim every two seconds in 2014.
There is just one set of recognized standards to protect your business from these attacks: the Payment Card Industry Data Security Standard (PCI DSS, commonly referred to as PCI Compliance).
Not being PCI compliant doesn't only betray your customers' trust; a breach will also subject your business to steep fines and expenses.
Keeping your business in line, however, is easier than you think.
How to complete the Self-Assessment Questionnaire (SAQ)
To become PCI compliant, your business needs to meet the standards set for the security category it falls into. Most businesses (likely yours too) belong to category 3 or 4, which involve the same procedures: fill in a Self-Assessment Questionnaire (SAQ) and, at minimum, undergo a quarterly PCI compliance scan run by an Approved Scanning Vendor (ASV).
The Payment Card Industry Data Security Standard (PCI DSS) defines the SAQ as "a validation tool to assist merchants and service providers in demonstrating their compliance."
The SAQ can be completed by a person in your business (possibly yourself), and is the first step on the path to becoming PCI compliant. The Self-Assessment Questionnaire, as the name implies, is completed by a representative officer from your business. This could be the IT Manager, the CFO, or anyone with knowledge of how the business works.
The First Step to Completing a SAQ
The first step is to identify the SAQ category your business falls under, which depends on how you process, store and transmit customers' payment card data.
SAQ A: Card-not-present merchants (e-commerce or mail/telephone-order) with all cardholder data functions outsourced.
SAQ B: Imprint-only merchants with no electronic cardholder data storage, or stand-alone dial-up terminal merchants with no electronic cardholder data storage.
SAQ C: Merchants with payment systems connected to the Internet and no electronic cardholder data storage.
SAQ D: All other merchants (not included in the descriptions for SAQs A-C above) and all service providers defined by a payment brand as eligible to complete an SAQ D.
There are more, but this covers the basics.
Once you have identified the category applicable to your business, you must then fill in the relevant SAQ and Attestation of Compliance (AoC) PDF form.
Use the SAQ form as a guide to evaluate your business's security protocols. Any potential risks in your business's payment system highlighted by the SAQ must be addressed and the questionnaire retaken, until you can answer every question with 'pass' or 'not applicable', to achieve compliance with the required PCI Data Security Standard.
The final step to becoming PCI Compliant
Once your business satisfies all the requirements outlined in the SAQ, the next step is to undergo a PCI compliance scan on your website / payment system.