Deciphering PCI Compliance

The era of PCI Compliance is here. Are you up to standard? Perhaps more importantly, do you have any idea what PCI Compliance is? What follows is a primer to help you understand PCI Compliance and what it means for your e-business.

As to the big questions: Yes, it applies to you. Yes, you have to do it. No, it isn't as bad as you think.

Data security makes sense for everyone in the transaction process. Visa, MasterCard, American Express, Discover and most major card brands have instituted mandatory compliance programs that require merchants, and anyone who stores, processes or transmits cardholder data on the merchant's behalf, to adhere to the Payment Card Industry Data Security Standard (PCI DSS). The standard is an internationally recognized set of security requirements for cardholder data, intended to ensure that the data is appropriately protected at every point in the life of a transaction, not just while it crosses the network but also wherever it is stored. As an e-commerce merchant you may be required to validate your compliance, typically through quarterly vulnerability scans of your Internet-facing systems and an annual self-assessment or on-site assessment.

Determining Your PCI Compliance Level

Do you need to worry about PCI Compliance? Everyone who accepts cards does; what varies with the size of your business is how you have to prove it. Merchants are sorted into four levels by annual transaction volume, and most e-businesses fall into levels 2 and 3. The exact volume thresholds differ slightly from one card brand to another, so confirm your level with your merchant (acquiring) bank; the figures below are representative.

Level 1 This is for very large merchants, for merchants that have suffered a cardholder data compromise, and for anyone a card brand chooses to designate as Level 1. You'll be required to have an annual on-site security assessment by a qualified assessor and quarterly scans of your network perimeter. You need professional help!
Level 2 This is for any merchant processing 150,000 to 6,000,000 card transactions per year. You'll be required to provide a quarterly perimeter scan and complete an annual self-assessment questionnaire.
Level 3 This is for any merchant processing 20,000 to 150,000 e-commerce transactions per year. You too will be required to provide the quarterly perimeter scan and the annual self-assessment questionnaire.
Level 4 This is for merchants processing fewer than 20,000 e-commerce transactions per year. The annual questionnaire and quarterly scans are recommended; whether your bank requires them is up to your merchant bank.

Attaining PCI Compliance

Level 1 merchants must have their on-site assessment and their scans performed by firms approved by the card brands, and must choose from those approved lists. Solid Cactus has relationships with two vendors whose backgrounds we have thoroughly researched. Contact us and we will put you directly in contact with them. Or use any major card brand's list of approved assessors and scanning vendors and research your own vendor.

Level 2 and Level 3 merchants can meet the PCI Compliance requirements on their own with very little work and very little cost. There are two basic steps.

Step 1 Complete the PCI Self-Assessment Questionnaire. This is the annual questionnaire mentioned above: you walk through the requirements of the standard and attest to how your business meets each one. Fill it out once a year, keep the completed form on file at your location, and provide a copy to your merchant bank if it asks for one.
Step 2 Provide perimeter scans. You are required to have your Internet-facing systems (your web store, and anything else on your network that is reachable from the Internet) scanned for vulnerabilities every quarter and to provide the results to your merchant bank. The scan is a probe of your network from the outside to detect known weaknesses, and it must be performed by a scanning vendor approved by the card brands, not by you. Visit http://www.solidcactus.com/pci.html to set up a scan. After your scan, your security consultant will give you a certification that you can provide to your merchant processor, stating that you passed.

PCI Compliance is real, it's here, get used to it. That's the bad news. The good news is that secure transactions are better for all of us, and attaining compliance is not as hard as you think. Contact Solid Cactus and we'll point you in the right direction. Visit http://www.solidcactus.com/pci.html
