PCI DSS

Securing Cardholder Data

The PCI Security Standards Council is an international organization that established the Payment Card Industry standards for securing cardholder data around the world.  The PCI Security Standards Council (PCI SSC) has created more than 250 technical and operational requirements to protect credit card data.   

If your organization accepts, stores, processes, or transmits credit card information, you are subject to complliance.  PCI DSS standards form a comprehensive cybersecurity framework and outline best practices that Columbia Advisory Group can help you implement.

Columbia Advisory Group helps organizations manage and simplify PCI-DSS 3.2 reporting with our portal that streamlines continuous compliance and security control effectiveness.  As a Managed IT Service Provider and Managed Security Service Provider we help organizations:

  • Monitor access to card holder data on-premises and in the cloud
  • Provide real-time alerts based on business risks posed by payment card data
  • Perform continuous vulnerability scanning of internal and external networks, and endpoints
  • Implement secure configuration policies based on security controls benchmarks
  • Identify and prioritize vulnerabilities based on threat exposure, assets, and severity
  • Audit system access, authentication, and other security controls to detect policy violations
  • Automatically detect and scan new devices as they enter the network
  • Create, assign, track, and verify remediation tasks
  • Demonstrate compliance and communicate progress with reports, analytics, and live dashboards 

PCI Levels

Level 1

Merchants that handle:

  • 6 million+ Visa, Mastercard, or Discover transactions per year
  • 2.5 million+ American Express transactions per year
  • 1 million+ JCB transactions per year

Merchants that have suffered a data breach or cyberattack resulting in compromised cardholder data or that have been identified by a card issuer as Level 1.

Requirements

  • Annual Report on compliance (ROC) by a Qualified Security Assessor (QSA)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 2

Merchants that handle:

  • 1-6 million Visa, Mastercard, or Discover transactions per year
  • 50,000 -2.5 million American Express transactions per year
  • Less than 1 million JCB transactions per year

Requirements

  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 3

Merchants that handle:

  • 20,000 – 1 million Visa e-commerce transactions per year
  • 20,000 + Mastercard e-commerce transactions per year, and up to 1 million
  • 20,000 – 1 million Discover card-not-present transactions per year
  • Less than 50,000 American Express transactions per year

Requirements

  • Annual Self-Assessment Questionnaire (SAQ)
  • Quarterly network scan by an Approved Scan Vendor (ASV)
  • Attestation of Compliance Form

Level 4

Merchants that handle:

  • less than 20,000 Visa or Mastercard e-commerce transactions per year
  • Up to 1 million Visa or Mastercard transactions per yea

Requirements

  • Established by the merchant’s acquiring bank
  • Usually include an SAQ and Quarterly Network Scan by an ASV

Ready to Talk with an Expert?

Learn how we align our exceptional experience as a leading IT Managed Service Provider to bring measurable benefits to your organization