Skip to main content

PCI-at-a-Glance for Gaming

There are four levels of PCI Compliance. 

Level I is the highest standard

Levels III & IV are self audits and should trigger serious red flags within
your organization, as there is zero accountability.

Why choosing a PCI Level I supplier saves money and limits risk!
-       Liability: using a PCI Level I provider means that you absolve yourself from all liability as it pertains to the storage and transmission of credit card data. This means that if there was ever a breach and personal information was revealed, your SERVICE PROVIDER is liable, not your company.
o    Imagine your Public Relations Team explaining to your end users that their personal credit card information was compromised because you did not choose a PCI Level I Compliant provider.
-       Registration pages:
o    You must host registration pages, because they cannot touch credit card data.
-       User Self Service:
o    You must design, build and maintain USS because they cannot touch the credit card data when a user views/edits their payment information in their profile.
-       Admin and/or CSR Portal:
o    You must design, build and maintain the admin/CSR portal, as they cannot present credit card data for your team to reference/review/edit in the day-to-day handling of Customer Calls or simply in the review of the transaction history in the system.

The RIGHT Questions (and answers) to ask ANY potential Service Provider re PCI Compliance

Q. What is your CURRENT level of PCI Compliance?

A. We are PCI Level I (the highest standard). The definition is here: http://en.wikipedia.org/wiki/PCI_DSS Additionally, you can validate this information at this independently maintained link by Visa for PCI Compliance: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf

Q. What is your validation date for PCI Level I Compliance?

A: Our validation date is mm/dd/yyyy and you can validate this information at this independently maintained link by Visa for PCI Compliance: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf

Q. Who is your assessor?

A. Our assessor is  Trustwave/Security Metrics/IBM Internet Security Systems etc and you can validate this information at this independently maintained link by Visa for PCI Compliance: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf

Comments

Kelli said…
It's really important that people understand how important PCI-DSS is. There is a huge difference between PCI level 1 and PCI level 4.
12:35 PM
Post a Comment

Popular posts from this blog

PCI Compliance - Cheat Sheet

A bit of background regarding PCI compliance - as credit card use has become more widespread both offline and online, and as consumer concern about security has understandably grown, the credit card industries have made an effort to ensure that sensitive information is protected. To that end, in September 2006, the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) formed the PCI Security Standards Council (SSC) and established a set of rules for what they called PCI compliance. These rules have to be followed depending on the size of a business and the number of credit card transactions handled, and if done properly will help protect consumers’ data from theft. The Rules in a Nutshell There are six major categories within the standards established by the PCI SSC, which are as follows: –Build and maintain a secure network –Protect cardholder data –Maintain a vulnerability management program –Implement strong
1 comment
Read more

beChange | WHY?

I believe that everyone feels alone or questions themselves from time-to-time. When it gets bad, it is akin to losing one's MoJo...where you doubt your instincts and find a bit of paralysis-by-analysis setting in. In baseball it manifests itself as a slump. Pretty soon you are standing at the plate and the ball looks really small...almost like a BB. And because the ball appears so impossibly small, you begin to believe the only way you'll ever hit the ball is if you begin to 'guess what pitch is coming next.' This then leads to BIG SWINGS...at curveballs...or LATE SWINGS...on fast balls. Net/net you look ridiculous! And the biggest thing...you LOOK lost...and everyone in the grandstands can see it! This happens in relationships as well. You start to lose your MoJo and doubt yourself in your relationship. You doubt the other person's feelings...your own contributions emotionally and intellectually...whether the person is still 'into' you...and you get a bit
Post a Comment
Read more