The PCI Compliance Checklist - A Tool to Help You Monitor Your Compliance

Geoff Yeagley
Nov 16, 2017 9:49:06 AM


Let’s face it, achieving PCI compliance can be challenging, and maintaining compliance with the current version of the PCI Data Security Standard (PCI DSS) can be even harder. Throughout the year an organization must complete, and document, a long list of recurring tasks to satisfy the requirements the PCI Security Standards Council publishes and the payment card brands and acquiring banks enforce. If you fail to complete those requirements, several things can happen:

  1. You run the risk of being fined by your acquiring bank for non-compliance.
  2. One of the card brands could terminate its relationship with you, so you could no longer accept that brand of card as a form of payment.
  3. Your acquiring bank could be forced to terminate its relationship with you, leaving you unable to accept payment cards at all.
  4. You could face civil litigation from consumers if their payment card data is breached.
  5. Your reputation as a business could suffer, and with it your customers’ trust.

None of these outcomes is good for your business in the short term or the long term. In fact, going through the process of becoming PCI compliant is almost always far less expensive than taking the risk of not being compliant. But let’s return to the main question: how do you monitor your compliance throughout the year?

Before we get to the checklist itself, here is how the recurring PCI DSS requirements break down for merchants and for service providers:

Merchants:

  • There are 13 requirements that must be completed and documented on an annual basis.
  • There are 4 requirements that must be completed and documented on a quarterly basis.
  • There is 1 requirement that must be completed and documented on a semi-annual basis (every 6 months).
  • Counting each recurrence, that is 13 + (4 × 4) + (1 × 2) = 31 separate tasks to complete and document every year.

Service Providers:

  • There are 12 requirements that must be completed and documented on an annual basis.
  • There are 6 requirements that must be completed and documented on a quarterly basis.
  • There are 2 requirements that must be completed and documented on a semi-annual basis (every 6 months).
  • Counting each recurrence, that is 12 + (6 × 4) + (2 × 2) = 40 separate tasks to complete and document every year.
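The counts above are really a schedule: each requirement recurs on a fixed cadence, and what an assessor wants to see is the completion date plus the evidence. As an added example, not part of the original post or of the downloadable checklist, the following Python script shows one way to track that schedule in code. It computes each task’s next due date from its cadence, flags items that are never done, overdue, completed but undocumented, or due within 30 days, and totals the yearly workload the same way the bullet lists do. The six sample tasks, dates and ticket IDs are constructed for illustration; their requirement numbers follow PCI DSS v3.2.1, but map the items to your own SAQ or ROC before relying on them.

```python
"""Minimal tracker for recurring PCI DSS tasks (added example, not the
post's checklist). Sample tasks, dates and ticket IDs are constructed."""
import calendar
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

ANNUAL, SEMI_ANNUAL, QUARTERLY = 12, 6, 3  # cadence in months
DUE_SOON_DAYS = 30


@dataclass
class Task:
    req: str                        # PCI DSS requirement number
    description: str
    period_months: int
    last_completed: Optional[date]  # None = never done
    evidence: Optional[str] = None  # ticket/path proving it was documented


def add_months(d: date, months: int) -> date:
    """Advance a date by N months, clamping to the last day of the target
    month (a scan done on 31 Jan is next due 30 Apr, not 1 May)."""
    idx = d.month - 1 + months
    year, month = d.year + idx // 12, idx % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def next_due(task: Task) -> Optional[date]:
    """Next due date, or None if the task has never been completed."""
    if task.last_completed is None:
        return None
    return add_months(task.last_completed, task.period_months)


def status(task: Task, today: date) -> str:
    """Classify a task; most urgent condition wins."""
    due = next_due(task)
    if due is None:
        return "NEVER DONE"
    if due < today:
        return "OVERDUE"
    if not task.evidence:
        return "UNDOCUMENTED"  # completed, but an assessor has nothing to see
    if (due - today).days <= DUE_SOON_DAYS:
        return "DUE SOON"
    return "OK"


def yearly_workload(annual: int, quarterly: int, semi_annual: int) -> int:
    """Separate completions per year for the given requirement counts."""
    return annual + 4 * quarterly + 2 * semi_annual


def report(tasks: List[Task], today: date) -> List[Tuple[str, str, Optional[date]]]:
    """Rows of (requirement, status, next due), most urgent first."""
    rank = {"NEVER DONE": 0, "OVERDUE": 1, "UNDOCUMENTED": 2, "DUE SOON": 3, "OK": 4}
    rows = [(t.req, status(t, today), next_due(t)) for t in tasks]
    return sorted(rows, key=lambda r: (rank[r[1]], r[2] or date.min))


# Constructed sample data; requirement numbers per PCI DSS v3.2.1.
SAMPLE_TASKS = [
    Task("11.2.2", "External vulnerability scan by an ASV", QUARTERLY, date(2017, 7, 15), "TKT-101"),
    Task("11.2.1", "Internal vulnerability scan", QUARTERLY, date(2017, 9, 20), "TKT-108"),
    Task("1.1.7", "Firewall and router rule-set review", SEMI_ANNUAL, date(2017, 3, 1), "TKT-77"),
    Task("11.3", "Penetration test", ANNUAL, date(2016, 11, 30), None),
    Task("12.6.1", "Security awareness training", ANNUAL, date(2017, 2, 10), "LMS-2017"),
    Task("12.10.2", "Incident response plan test", ANNUAL, None, None),
]
TODAY = date(2017, 11, 16)  # constructed "as of" date

if __name__ == "__main__":
    for req, st, due in report(SAMPLE_TASKS, TODAY):
        print(f"{st:12} {req:8} next due {due}")
    print("completions per year (merchant counts above):", yearly_workload(13, 4, 1))
```

The month arithmetic clamps to the end of the month so a quarterly scan last run on the 31st does not silently slip into the following month, and a task with no recorded evidence is surfaced even when its date is fine, because an undocumented control is what fails an assessment.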

That is a lot to remember to complete, and a lot to document once it is done. For this reason, we have created a PCI Compliance Checklist that you can use to see what you must complete, monitor your progress, and get a visual picture of what is still outstanding. Please note that this checklist does not by itself make you PCI compliant; it is a tool for monitoring your progress and recognizing what you have completed and what remains.

When you fill out the form on the next page, you will be taken to a page where you can download the PCI Compliance Checklist in PDF format. There is one checklist for merchants and one for service providers; select the one that applies to you and start using it. To clear up any confusion about which you are, here are the PCI Security Standards Council’s definitions of a service provider and a merchant:

Service Provider – A business entity that is not a payment brand and is directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. Service providers serve merchants and/or other service providers.

Merchant – Any business entity that accepts payment cards bearing the logos of any of the five members of the PCI SSC (American Express, Discover, JCB, Mastercard, or Visa) as payment for goods and/or services. A merchant will have one or more Merchant IDs issued by its acquiring bank.

For more information on the differences between the two, feel free to visit the PCI Security Standards Council website at https://www.pcisecuritystandards.org. In the meantime, download the checklist and contact us with any questions that you have. Until next time, be safe!
