PCI Security Standards Council

Payment Card Industry (PCI) Solutions

Protection of information is an ever-growing responsibility for organizations. The protection of employee, customer, and intellectual property information is essential. Compliance with related industry regulations and standards is a daily responsibility for today’s organizations. There are constant daily reminders of the challenges that organizations face today, especially with identity theft. Too often, the information at the center of these thefts is credit card data. Responsibilities have grown across all industries, but nowhere more than for merchants accepting credit cards and the service providers processing them.

The Payment Card Industry (PCI) Data Security Standard was developed as a single effort by the largest credit card companies in the world to address security requirements for their merchants and service providers. Companies such as Visa, MasterCard, Discover, and American Express developed the PCI Data Security Standard to address security within organizations that handle credit card data. The PCI Data Security Standard is applied and enforced on multiple levels, based on transaction volume. Depending on the level, an organization may be subject to quarterly testing, on-site assessment, or self assessment.

Contacts:

Email: pci@continuumww.com
Toll-Free: 1-800-780-0298

| Merchant Definition | Criteria | Onsite Review | Self Assessment | Network Security Scan |
|---|---|---|---|---|
| Level 1 | All merchants, including electronic commerce merchants, with more than 6 million total transactions annually | Required Annually | Not Required | Required Quarterly |
| Level 2 | All merchants with annual e-commerce transactions between 150,000 and 6 million | Not Required | Required Annually | Required Quarterly |
| Level 3 | All merchants with annual MasterCard e-commerce transactions between 20,000 and 150,000 | Not Required | Required Annually | Required Quarterly |
| Level 4 | All other merchants | Not Required | Required Annually | Required Quarterly |

| Service Provider Definition | Criteria | Onsite Review | Self Assessment | Network Security Scan |
|---|---|---|---|---|
| Level 1 | Includes all Third Party Payers and all Data Storage Entities that store account data on behalf of Level 1 or Level 2 merchants | Required Annually | Not Required | Required Quarterly |
| Level 2 | Includes all Data Storage Entities that store account data on behalf of Level 3 merchants | Required Annually | Not Required | Required Quarterly |
| Level 3 | All other Data Storage Entities not included in Levels 1 and 2 | Not Required | Required Annually | Required Quarterly |

Continuum Worldwide is a PCI DSS Qualified Security Assessor, which allows it to conduct annual on-site assessments for Level 1 merchants and Level 1 and 2 service providers. In addition, Continuum Worldwide consultants have an average of ten years of experience in the field of information security and regulatory compliance.

PCI Solutions

Continuum Worldwide offers a wide range of PCI solutions that are designed to provide business value while effectively managing and mitigating risks and maintaining compliance. Continuum Worldwide’s services include:

  • Yearly On-Site Assessment – As a PCI QSA, Continuum Worldwide can work directly with merchants and service providers to achieve and maintain PCI DSS compliance.
  • PCI Readiness Assessment – Continuum Worldwide can help an organization prepare for a PCI assessment to determine if controls and configurations are in place to ensure compliance with the PCI DSS.
  • Self Assessment Assistance – Continuum Worldwide can provide support for organizations to help identify gaps that may exist between existing information security programs and PCI DSS requirements.