Payment Card Industry Data Security Standard (PCI DSS)
This is a standard security measure that was introduced to provide
adequate security for customers’ information. The major payment
gateways Visa and MasterCard, who originally started it, together
with American Express, Discover and JCB, launched the PCI Data
Security Standard in 2006. Clients’ credit card details ought to be
protected from being leaked into the public domain. The major
payment gateways joined together and formed a task force whose main
focus was to curb fraud cases and secure their clients’
information. PCI is important to all payment gateways that provide
financial services such as accepting credit and debit cards,
transmitting cardholders’ data and processing transactions via the
PCI DSSs are found on their website,
All payment gateways are now required to be PCI compliant, no
matter the size of their database. This is enforced so that
customers can feel safe that their private information cannot be
compromised. Deadlines for PCI compliance are usually stipulated by
the merchant banks.
PCI compliance levels
There are 4 merchant levels for PCI compliance, and every merchant
falls into one of these levels during a one-year period. They are
levels 1, 2, 3 and 4.
Level 1 Merchant
This level is for all merchants that process 6M Visa card
transactions a year, regardless of the acceptance channel they use.
These merchants are required to fulfill level 1 PCI compliance so
that there is a standard level of security for Visa.
Level 2 Merchant
This is for all merchants processing 1M-6M Visa transactions a
year, regardless of the acceptance channel they use.
Level 3 Merchant
Level 3 applies to all merchants that process 20,000 to 1M Visa
e-commerce transactions a year.
Level 4 Merchant
This level is for any merchant that processes fewer than 20,000
Visa e-commerce transactions a year, and any other merchant that
processes 1M Visa transactions a year.
Merchants that have fallen victim to hacking that compromised
customers’ data are moved up into the next higher level.
It is normal for merchants to be in different levels, and this
makes the process of becoming PCI compliant cumbersome for
low-level merchants. The following steps are followed by small
online businesses to become PCI compliant:
- Identify the validation type, to know which Self-Assessment
Questionnaire (SAQ) matches your business
- Fill in the Self-Assessment Questionnaire accordingly.
- Prove that you have passed the vulnerability scan from an Approved
Scanning Vendor (ASV).
- Complete the relevant Attestation of Compliance to its
- Prove the passing of the SAQ and the attestation of PCI
Completing these steps will satisfy the PCI requirements to certify
you as a PCI compliant merchant. The major payment gateways have
jointly agreed that PCI DSS is a must for companies that transmit
payment cardholders’ data. The security requirements that are
mandatory for merchants include:
- Use firewalls to secure data
- Avoid the use of default passwords and other secure
- Guard data that has already been stored
- Update your antivirus software on a regular basis
- Use a different user ID for each customer
- Keep cardholders’ data from being accessible to the public
- Test security systems regularly
Major credit card frauds and how to curb them
Theft of Identity
This is where fraudsters use other people’s information to conduct
a transaction. This fraud can be prevented by asking the customer
to verify their identity.
This is when a person receives a message from fraudsters asking
them to send their credit card information. This information may
then be used to break the law. To avoid this problem, customers are
urged to confirm the source of any message that asks them for their
credit card
Page jacking
This is common on the internet. It occurs when a person follows a
link and is redirected to a page that they do not recognize. Page
jacking is somewhat challenging to avoid. This fraud is dangerous,
as you may find yourself purchasing a product through a fake site.
Merchants should be careful and ensure that their sites have not
been hijacked, to minimize this problem.
Fee scams
Fee scams happen when you are asked to provide an advance payment
and are promised that you will earn some money in return. To arm
yourself against this vice, do not accept these offers.
Check scams
Check scams come in the form of large payments. A customer may be
willing to pay more in advance, or even overpay for a product,
using checks. Be wary, as this may be a scam to obtain goods for
free.
Money order fraud
Though money orders are mostly safe because of their
anti-counterfeiting security measures, some fraudsters have
specialized in making fake ones. Check carefully any money order
from risky regions to curb this problem.
Some e-commerce sites found it difficult to prevent fraud in the
early days of e-commerce. This has been greatly reduced now that
fraud detection systems are available. Below are some of the
suspicious behaviors experienced by many merchants online.
- Fake new customers who use other people’s details to make a
- Abnormal orders: these involve large orders and are mostly placed
by new customers.
- Large identical orders: when a customer purchases many similar
items, it might be a fraudulent transaction.
- Requesting faster shipping of merchandise: this involves
customers using channels that deliver merchandise quicker than
- Use of international shipping addresses: address verification
only works in the U.S. and U.K., which presents a possibility of
fraudulent shipping of products.
- Making payments using the same account numbers on credit cards:
some criminals use software to generate account numbers, use the
fake numbers to make a purchase, and then stop using them once the
transaction is complete.
- Having different cargoes shipped to many different addresses
using the same credit card number. This happens when fraudsters use
the same credit card number and have the products shipped to
different
- Many orders from one IP address but with different credit card
numbers. Fraudsters use the same computer but different credit card
numbers to order merchandise.
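As an added example, not part of the original article, the following Python order screen flags the suspicious patterns listed above across a handful of constructed orders. The field names, thresholds and the use of a payment processor's card token in place of the card number are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed order record. card_token stands for the payment processor's
# token, never the full card number, so the screen holds no cardholder data.
@dataclass
class Order:
    order_id: str
    new_customer: bool
    ip: str
    card_token: str
    ship_country: str
    ship_address: str
    amount: float
    items: dict            # sku -> quantity
    expedited: bool = False

# Thresholds are assumptions for this example; tune them to real order history.
LARGE_ORDER, MAX_QTY_PER_SKU, MAX_CARDS_PER_IP, MAX_ADDRS_PER_CARD = 1000.0, 5, 1, 1
AVS_COUNTRIES = {"US", "GB"}   # where address verification is available

def screen_orders(orders):
    # Returns {order_id: [reasons]}; an empty list means nothing was flagged.
    cards_per_ip, addrs_per_card = defaultdict(set), defaultdict(set)
    for o in orders:               # pass 1: counts that span several orders
        cards_per_ip[o.ip].add(o.card_token)
        addrs_per_card[o.card_token].add(o.ship_address)
    flags = {}
    for o in orders:               # pass 2: rules applied per order
        reasons = []
        if o.new_customer and o.amount >= LARGE_ORDER:
            reasons.append("large order from new customer")
        if any(q > MAX_QTY_PER_SKU for q in o.items.values()):
            reasons.append("many identical items")
        if o.expedited:
            reasons.append("expedited shipping")
        if o.ship_country not in AVS_COUNTRIES:
            reasons.append("address verification unavailable")
        if len(cards_per_ip[o.ip]) > MAX_CARDS_PER_IP:
            reasons.append("many cards from one IP")
        if len(addrs_per_card[o.card_token]) > MAX_ADDRS_PER_CARD:
            reasons.append("one card shipping to many addresses")
        flags[o.order_id] = reasons
    return flags

SAMPLE_ORDERS = [  # constructed data, not a real order log
    Order("A1", False, "10.0.0.5", "tok_a", "US", "1 Main St", 40.0, {"s1": 1}),
    Order("A2", True, "198.51.100.7", "tok_b", "US", "2 Oak Ave", 2500.0, {"s9": 12}, True),
    Order("A3", True, "203.0.113.9", "tok_c", "DE", "3 Elm Rd", 90.0, {"s2": 1}),
    Order("A4", True, "203.0.113.9", "tok_d", "US", "4 Pine St", 80.0, {"s2": 1}),
    Order("B1", False, "10.0.0.6", "tok_e", "GB", "6 High St", 60.0, {"s3": 1}),
    Order("B2", False, "10.0.0.6", "tok_e", "GB", "7 Low St", 60.0, {"s3": 1}),
]
```

Flagged orders are candidates for manual review rather than automatic rejection; the two cross-order rules need the whole batch, which is why the counts are built before any order is scored.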
PCI produces an environment that is conducive for financial
services to be conducted in a safe and secure manner.