Companies processing credit and payment cards that fail to meet the strict 1st October 2009 deadline to become fully PCI DSS (Payment Card Industry Data Security Standard) compliant face mounting pressure from banks – with smaller UK companies in particular likely to be slipping behind. In response, independent e-commerce expert IT Governance is delighted to announce a special set of dedicated resources to help the SME meet that PCI DSS deadline.
The package – the PCI Compliance and Support Contract for the Smaller Business – brings together consultancy, training and scanning services with extensive ex-qualified security assessor resources, at a price that merchants gearing up for PCI DSS can afford, and with built-in discounts for longer-term contracts. Credit card merchants are stratified by payment brands like VISA and MasterCard into a number of different levels, and the IT Governance package is designed to offer the most appropriate consultancy and merchant support for the level of transactions processed on an annual basis.
The payment card industry is seeing significant increases in the hacking of merchant security systems to fraudulently obtain card data, particularly with merchants who accept cardholder information over the Internet, and so has stepped up the pressure to get PCI DSS implemented as widely as possible. Levels 2 to 4 card processing merchants are particularly vulnerable, risking fines, as well as possibly losing their merchant facilities.
“This is a very clear warning for merchants to comply with the PCI DSS standard, and it proves how serious the banks are about combatting hacking and avoiding the risk of any data breach,” says IT Governance’s CEO, Alan Calder.
“PCI DSS has to be addressed – and soon,” explains Calder. “Our Smaller Business Support Contract is a service which provides a highly cost-effective PCI compliance service to the smaller merchant, who is a likely target for criminals.”
Any SME wanting to get more information about PCI DSS and the IT Governance package should visit /pci-smaller-businesses.aspx
- Ends -
FOR FURTHER INFORMATION PLEASE CONTACT
+44 (0)20 7664 6310
Marc Cornelius firstname.lastname@example.org
NOTES TO EDITORS
About Credit Card Merchant Levels
Credit card merchants are stratified by companies like VISA and MasterCard into a number of different levels. The IT Governance PCI Compliance and Support Contract for the Smaller Business package is designed to offer the most appropriate consultancy and support per level:
Level 4 is any merchant that does between 1 and 20,000 transactions a year. In lieu of a full Report On Compliance, the PCI Council allows Level 4 merchants to complete a Self-Assessment Questionnaire (SAQ) instead. Quarterly PCI scans are also required.
Level 3 is any merchant that does between 20,000 and 1,000,000 transactions a year. In lieu of a full Report On Compliance, the PCI Council allows Level 3 merchants to complete a Self-Assessment Questionnaire (SAQ) instead. Quarterly PCI scans are also required.
Level 2 is any merchant that does between 1,000,000 and 6,000,000 transactions a year. In lieu of a full Report On Compliance, the PCI Council allows Level 2 merchants to complete a Self-Assessment Questionnaire (SAQ) instead. Quarterly PCI scans are also required. Level 2 merchants also have an extra one-page form, which takes about 5 minutes to fill out and which basically states that they don't keep certain types of credit card information on file.
And finally at the top end, Level 1 is any merchant that does over 6,000,000 transactions a year. You will need to bring an assessor, called a QSA, on-site to evaluate your security and create an in-depth Report On Compliance for you. Quarterly PCI scans are also required.
UK merchants in Levels 4 to 3 are least likely to be prepared for the October 1st deadline.
About IT Governance
IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.