{"id":43,"date":"2010-11-21T20:17:43","date_gmt":"2010-11-21T20:17:43","guid":{"rendered":"urn:uuid:1c7f60e7-07eb-47b2-9933-33d8302e0055"},"modified":"2017-06-13T20:02:56","modified_gmt":"2017-06-13T20:02:56","slug":"pci-dss-compliance-the-basics","status":"publish","type":"post","link":"https:\/\/www.readysetauction.com\/rsablog\/2010\/11\/21\/pci-dss-compliance-the-basics\/","title":{"rendered":"PCI DSS Compliance: The Basics"},"content":{"rendered":"\t

What is PCI<\/span> DSS<\/span> Compliance?<\/strong><\/p>\n\n\t

Over the years, retailers have lost millions of dollars to fines and in compensation to customers as a result of compromised credit cards and personal information. These losses, moreover, do not take into account the hidden costs of lost sales and damage to merchant brands. In response to this increase of credit card hackers and thieves, American Express, Discover Financial Services, JCB<\/span> International, MasterCard Worldwide, and Visa Inc came together in 2006 to launch a global forum called the PCI<\/span> Security Standards Council. Together they developed the Payment Card Industry Data Security Standard (PCI<\/span> DSS<\/span>) requirements.<\/p>\n\n\t

According to the PCI<\/span> Security Standards Council<\/a> website, “The PCI<\/span> DSS<\/span> is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.”<\/p>\n\n\t

PCI<\/span> DSS<\/span> compliance is not an option but a requirement for all merchants — whether small or large — that process credit cards. In other words, if your organization plans to accept credit card payments prior to and\/or at your event auction \u2013 e.g. for online ticket sales, online cash donations, as payment for items won in an online auction, and as payment for items won at your event auction \u2013 then it must be PCI<\/span> DSS<\/span> compliant.<\/p>\n\n\t

What is required for PCI<\/span> DSS<\/span> compliance?<\/strong><\/p>\n\n\t

Your organization\u2019s “Merchant Level” determines your requirements for PCI<\/span> DSS<\/span> compliance. The number of transactions your organization processes each year and whether those transactions are performed from a brick and mortar location or via the Internet help determine which of four merchant levels it falls under. <\/p>\n\n\t

Keep in mind, even though the PCI<\/span> Security Standards Council developed the PCI<\/span> DSS<\/span> standards, compliance is actually mandated separately by the individual payment card brands (Visa, MasterCard, etc.). Accordingly, each payment card brand determines its own definitions of Merchant Levels and has its own set of compliance requirements.<\/p>\n\n\t

To give you a general idea of how to determine your PCI<\/span> compliance level, here are Visa’s PCI<\/span> compliance merchant level definitions: <\/p>\n\n\t