Thursday, July 26, 2007

Breakdown of PCI Merchant Levels

PCI Merchant levels and what they really mean:

Level I >6,000,000 transactions annually

500,000 transactions per month
~16,667 transactions per day

Fortune 100 retailers, web retailers, national and international banks, oil companies owning gas stations/convenience stores

Level II 1,000,000 – 6,000,000 transactions annually

83,334 transactions per month
~2,778 – 16,667 transactions per day

Convenience stores, utility companies (phone, electric, cable), small to medium retail stores, and web sites

Level III 20,000 – 1,000,000 transactions annually

1,667 – 83,334 transactions per month
~55 – 2,777 transactions per day

Small businesses, corporations that accept credit cards as a payment option

Monday, July 16, 2007

Who is the enforcement arm for PCI? The new 3 letter agency?

I recently found out that the QSAs are the enforcement folks in the PCI Compliance arena. They need to sign off that not only are they a solid choice to audit you, but they'll be forced to blow the whistle if there is anything amiss.

This got me thinking... Who else is offering a pre-audit who is not a QSA?

It's pretty clear what needs to be in place, and it's also pretty clear when something is not. It's also very clear that you want to use a third party so that no cover-your-ass things take place in the ranks.

So are there any other ex-cop/private investigator/black ops types out there? You know what I mean, the guys that KNOW the system but aren't PART of the system...