Some more work for somebody:
https://www.itjungle.com/2017/03/08/...-just-changed/
On January 31, a new PCI provision went into effect that requires Level 4 merchants to submit a Self-Assessment Questionnaire (SAQ) to their issuing banks. Previously, Level 4 merchants, which are defined as processing 20,000 or fewer ecommerce transactions or 1 million total transactions, were exempt from the SAQ requirement. Companies processing more transactions, defined as Level 1 merchants, have even stricter requirements, including annual audits of computer systems and quarterly network scans.
Even so, the SAQ can institute a considerable burden on IT departments that are already cut to the bone. “The Self-Assessment Questionnaire can be up to 500+ questions and take months to complete,” says Ira Chandler, CTO for Curbstone Corp., a provider of IBM i payment software. “And, an officer of the Company has to sign an Attestation of Compliance in blood that the SAQ is accurate,” he adds, with some exaggeration.
Visa, the credit card company behind PCI, says small companies are being targeted by cybercriminals. “Based on recent forensic investigations, small merchants remain a target of hackers attempting to compromise payment data,” the company says in a January 2016 security bulletin (pdf). “Additionally, investigators have identified links between improperly installed POS applications and merchant payment data environment breaches.”
Level 4 merchants – which include any company processing credit card transactions for any reason, not just retailers – faced other PCI changes starting January 31, 2017, including the requirement that they work only with POS application and terminal resellers and integrators who are PCI-certified under its Qualified Integrators and Resellers (QIR) program.
“Using organizations that have completed the PCI SSC QIR training program helps improve security by ensuring that payment applications and terminals are installed and integrated in a manner that mitigates payment data breaches and facilitates a merchant’s PCI DSS compliance,” Visa states in the security brief.