Accreditation: Does my business need to comply with PCI?
The table below outlines the level of approval you will need depending on your business. Please note that VSP Form, VSP Server and VSP Terminal customers are already covered under the Protx approval.
Merchants are currently categorized into 4 levels, namely:
| Level | Merchant criteria | Validation requirements |
| --- | --- | --- |
| Level 1 | Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimise risk to the Visa system. Any merchant identified by another payment card brand as a Level 1. | Requires an Annual Onsite Security Audit + Quarterly Network Scan. |
| Level 2 | Any e-commerce merchant processing 150,000 to 6,000,000 Visa transactions per year. | Requires an Annual Self Assessment Questionnaire + Quarterly Network Scan. |
| Level 3 | Any e-commerce merchant processing 20,000 to 150,000 Visa transactions per year. | Requires an Annual Self Assessment Questionnaire + Quarterly Network Scan. |
| Level 4 | All other merchants, regardless of acceptance channel. | Strongly recommended: an Annual Self Assessment Questionnaire + Annual Network Scan. |
How do I comply?
Depending on your level of classification in the above table, you can either carry out a self-assessment or you will need a specialist company to audit your business. Protx uses a company called Trust Wave to carry out our audits, and we have negotiated special discounted rates for any Protx merchant that signs up to their service.
If you would like any further information on Trust Wave please register here.
How much does it cost?
You can expect to pay anything from a few hundred pounds to a few thousand pounds depending on your classification.
What happens if I do not comply?
The PCI is not designed to fail companies, but rather to make recommendations on security standards. If you fail an audit you will be given a period of time to make the recommended changes to your security procedures.
If you refuse to comply with the audits or if you experience a breach in security, you may be subjected to heavy fines and in extreme cases you may be prevented from accepting cards.


