Skip to main content

PCI-at-a-Glance for Gaming

There are four levels of PCI Compliance. 

Level I is the highest standard

Levels III & IV are self audits and should trigger serious red flags within
your organization, as there is zero accountability.

Why choosing a PCI Level I supplier saves money and limits risk!
-       Liability: using a PCI Level I provider means that you absolve yourself from all liability as it pertains to the storage and transmission of credit card data. This means that if there was ever a breach and personal information was revealed, your SERVICE PROVIDER is liable, not your company.
o    Imagine your Public Relations Team explaining to your end users that their personal credit card information was compromised because you did not choose a PCI Level I Compliant provider.
-       Registration pages:
o    You must host registration pages, because they cannot touch credit card data.
-       User Self Service:
o    You must design, build and maintain USS because they cannot touch the credit card data when a user views/edits their payment information in their profile.
-       Admin and/or CSR Portal:
o    You must design, build and maintain the admin/CSR portal, as they cannot present credit card data for your team to reference/review/edit in the day-to-day handling of Customer Calls or simply in the review of the transaction history in the system.

The RIGHT Questions (and answers) to ask ANY potential Service Provider re PCI Compliance

Q. What is your CURRENT level of PCI Compliance?

A. We are PCI Level I (the highest standard). The definition is here: http://en.wikipedia.org/wiki/PCI_DSS Additionally, you can validate this information at this independently maintained link by Visa for PCI Compliance: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf

Q. What is your validation date for PCI Level I Compliance?

A: Our validation date is mm/dd/yyyy and you can validate this information at this independently maintained link by Visa for PCI Compliance: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf

Q. Who is your assessor?

A. Our assessor is  Trustwave/Security Metrics/IBM Internet Security Systems etc and you can validate this information at this independently maintained link by Visa for PCI Compliance: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf

Comments

Kelli said…
It's really important that people understand how important PCI-DSS is. There is a huge difference between PCI level 1 and PCI level 4.
12:35 PM
Post a Comment

Popular posts from this blog

PCI Compliance - Cheat Sheet

A bit of background regarding PCI compliance - as credit card use has become more widespread both offline and online, and as consumer concern about security has understandably grown, the credit card industries have made an effort to ensure that sensitive information is protected. To that end, in September 2006, the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) formed the PCI Security Standards Council (SSC) and established a set of rules for what they called PCI compliance. These rules have to be followed depending on the size of a business and the number of credit card transactions handled, and if done properly will help protect consumers’ data from theft. The Rules in a Nutshell There are six major categories within the standards established by the PCI SSC, which are as follows: –Build and maintain a secure network –Protect cardholder data –Maintain a vulnerability management program –Implement strong ...
1 comment
Read more

Italian Baseball | Arriving (VERONA, ITALY)

ARRIVING IN VERONA, ITALY to PLAY BASEBALL On the train from Milano to Verona I found myself being suddenly freaked out. My family-heritage-enthusiasm was starting to leave me...and self doubt started to pop up. In moments like this...and in my lifetime I had plenty...I did what I was taught to do on the baseball diamond...stick to the fundamentals and don't try to do too much! So I took a deep breath and kept thinking to myself, 'one thing at a time...and the first thing is to get rid of this HUGE, unwieldy, ridiculously heaving duffel bag!' There are two things everyone should know about Italian train stations: Left Luggage - you can leave your bags with them, thus unburdening yourself for a small fee. Buses - there are lots of buses outside of train stations and if you take Bus #1, it will take you to Il Centro (the center) of town. So with this knowledge I rented one of their changing rooms for 30 minutes...took a shower and sorted through what I needed to begin my que...
2 comments
Read more