PCI DSS Compliance

PCI DSS compliance is required of any merchant that stores, processes or transmits cardholder data. Merchants eligible for self-assessment validate compliance by completing a Self-Assessment Questionnaire (SAQ) and then renew it annually; the largest (Level 1) merchants instead need an annual on-site assessment by a Qualified Security Assessor. There are four SAQ types, matched to how a business handles card data, and four merchant levels based on annual card transaction volume.

PCI DSS Requirements

PCI DSS covers everything from baseline technical controls to testing methodology. There are currently 12 requirements:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.
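Requirement 3 is the one merchants most often fail without noticing: a primary account number (PAN) the application never meant to store ends up in a debug log or a database column. One check a practitioner can run is a scan of log output for card-number-shaped digit runs, keeping only those that pass the Luhn check and masking the rest of the digits. The scanner below is an added example, not code from the original page or from Braintree; the regular expression, function names and log lines are constructed for the illustration, and the masking keeps the first six and last four digits, the most PCI DSS (requirement 3.3) allows to be displayed.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
# Constructed for this example; a production scanner would handle more separators.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log lines: an order id that is not a card number,
# a raw PAN leaked by a gateway debug line, and the same PAN with spaces.
LOG_LINES = [
    "2013-05-02 10:14:03 INFO checkout order=1234567890123456 amount=49.99",
    "2013-05-02 10:14:04 DEBUG gateway request card=4111111111111111 exp=12/15",
    "2013-05-02 10:14:05 DEBUG retry card=4111 1111 1111 1111",
]


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Mask a PAN to at most first six and last four digits (PCI DSS 3.3 limit)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_line(line):
    """Return (line with every Luhn-valid PAN masked, number of PANs found)."""
    count = 0

    def repl(match):
        nonlocal count
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)   # order ids, timestamps etc. are left alone
        count += 1
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(repl, line), count


def scan_log(lines):
    """Redact a whole log; return (redacted lines, total PANs found)."""
    redacted, total = [], 0
    for line in lines:
        new_line, n = redact_line(line)
        redacted.append(new_line)
        total += n
    return redacted, total


if __name__ == "__main__":
    lines, found = scan_log(LOG_LINES)
    print("\n".join(lines))
    print("PANs found:", found)
```

Treat hits as triage, not proof: the Luhn check rejects only about nine in ten random digit strings, so long numeric identifiers will occasionally be flagged, and the regular expression only recognises space and dash separators. The useful finding is the second and third line: a gateway debug statement that writes the full PAN to disk puts the log host, its backups and everyone who can read them back into PCI DSS scope.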

For most merchants, PCI DSS compliance becomes a burden in both time and cost. At the same time, merchants need to make sure that the solutions they put in place both meet the requirements and properly secure card data, because the business, financial and PR consequences of a data breach can be severe. Many recent breaches have demonstrated that compliance does not always equal security.

The Smart Approach to PCI DSS Compliance

For these reasons, merchants are turning to Braintree for innovative, cost-effective and secure PCI compliance solutions. They do more than help merchants meet the PCI DSS requirements: card data is removed from the merchant environment entirely, so there is no sensitive data on hand for outside criminals or rogue insiders to steal. The merchant still validates annually, but against a far shorter SAQ, because most of the 200-plus controls apply only to systems that store, process or transmit cardholder data.

We don’t just solve the problems, we make them go away.

Braintree PCI Compliance Solutions Compared to In House

                                        With Braintree       In-house approach
  Time to become PCI compliant          As few as 60 days    6 to 18 months
  PCI DSS controls to meet              Fewer than 20        Over 200
  Assessment costs to determine scope   $0                   $44,000 to $125,000*
  Hardware/software upgrades            $0                   $81,000 to $568,000*
  Ongoing expenses                      Fixed                Variable

* Gartner estimates for Level 1-3 merchants.

Comprehensive Payment Processing Solutions

In addition to our PCI compliance focus, we offer a full range of products and services so that merchants have a single solution for all their payment processing needs: