How to Stay PCI-Compliant
To achieve Payment Card Industry (PCI) compliance, companies must follow several standards to process card payment information safely. By following this PCI compliance checklist, your organization can ensure it adequately protects patients’ data against a breach.
1. Determine Your PCI Level
There are four PCI compliance levels based on the number of card transactions an organization processes annually:
- Level 1: 6 million transactions or more
- Level 2: 1 million to 6 million transactions
- Level 3: 20,000 to 1 million transactions
- Level 4: 20,000 or fewer transactions
Each level has different compliance requirements.
2. Remove Sensitive Authentication Data
Security is easier when your organization has as little data to protect as possible. Remove sensitive data from your internal systems so hackers cannot access it if they breach your network.
3. Protect Network Systems
Protect your network systems by limiting access to sensitive data and increasing your security around the access points that a hacker may use in a breach.
4. Use Secure Payment Card Applications
Place controls on your payment applications to make them as secure as possible.
5. Monitor and Control Access to Your Systems
Control and track who has network access and monitor their actions on your network to be aware of threats.
6. Build and Maintain a Network to Protect Stored Cardholder Data
Partner with a reliable information technology contractor to create a secure network, including a firewall. This system should prevent hackers from getting unauthorized access to payment information. Maintenance includes regularly changing passwords and updating the firewall.
7. Complete an Attestation of Compliance Form
A PCI attestation of compliance (AOC) is a form an organization must complete and send to the Payment Card Industry Security Standards Council (PCI SSC) to confirm that its Payment Card Industry Data Security Standard (PCI DSS) assessment was successful. A qualified security assessor should check this form before submission to make sure it’s correct.
8. File Paperwork With Banks and Credit Card Companies
If the banks and credit card companies you work with want proof of your compliance, send them your self-assessment questionnaire (SAQ) or AOC.
9. Understand the Penalties for Failing to Meet These Standards
If your organization does not meet every item on the PCI compliance checklist, you may face penalties like:
- Sanctions from banks.
- Increased fees.
- Eviction from credit card payment processing infrastructure.
More severe penalties include lawsuits and prosecution.
Contact Agio Today
Connect with us.
Need a solution? Want to partner with us? Please complete the fields below to connect with a member of our team.