Ensuring Transaction Security With PCI Compliance
Protecting your bottom line with the highest level of security.
Protecting you, your customers, and every transaction under our watch is an integral part of our day. That is why we've built in-house certified banking gateways that result in an unmatched level of support, accountability and security.
Precise ParkLink is the only Canadian parking organization to achieve Level 1 (highest level) Payment Card Industry (PCI) compliance. As a result, we securely process millions of transactions each day on behalf of our clients. PCI compliance is a global bank standard that is used to process credit card transactions. Ensuring your parking system meets PCI compliance standards is necessary to protect against fraud and any liability associated with fraud.
Compliance with the Payment Card Industry Data Security Standards (PCI DSS) is mandated by credit card companies to safeguard cardholder information against theft and misuse. PCI compliance refers to the technical and operational standards merchants must meet to adequately mitigate data breaches and deter fraudulent use of cardholder information. Compliance levels range from Level 1, being the highest, to Level 4. PCI compliant enterprises are required to submit Self-Assessment Questionnaires (SAQs) produced by the PCI Security Standards Council (PCI SSC) on an annual basis.
Quarterly external vulnerability scans are required and performed by a PCI approved vendor. To ensure your bottom line is always well maintained, Precise ParkLink undergoes regular Canadian Standard on Assurance Engagements (CSAE) audits. The following is a breakdown of the requirements that need to be met for each level of PCI compliance.
Level 4 PCI Compliance
To meet level 4 requirements, merchants typically process fewer than 20,000 e-commerce or fewer than one million real-world transactions annually. Merchants are required to submit the relevant SAQs every year, with the possibility of undergoing a quarterly PCI scan.
Level 3 PCI Compliance
To meet level 3 requirements, merchants process between 20,000 and 1 million e-commerce transactions annually. They too must submit the SAQs relevant to their level yearly and may be subject to quarterly PCI scans.
Level 2 PCI Compliance
To meet level 2 requirements, merchants process between 1 and 6 million real-world debit and credit card transactions. Merchants must also submit annual SAQs relevant to their environment and may be subject to quarterly PCI scans.
Level 1 PCI Compliance
Those merchants that process more than 6 million real-world debit and credit card transactions annually must undergo an internal audit conducted by an authorized PCI auditor annually. In addition, they submit to vulnerability scans and penetration tests quarterly by an Approved Scanning Vendor to retain their Level 1 Compliance.
Each level ensures specific responsibilities are met to protect payment data. No matter what level your organization falls under, offering secure payment methods provides customers with peace of mind. The PCI DSS has six significant objectives supported by 12 essential requirements. These, in turn, comprise 78 base requirements and are evaluated by over 400 test procedures.
Vendors are encouraged to achieve and maintain Level 1 PCI compliance. A vendor holding this certification not only follows the most stringent security protocols in the industry but also processes enough transactions to have the most experience in navigating existing and emerging payment security infrastructure.