Integrated Ecommerce Solutions


A Quick Guide to PCI Compliance

The Payment Card Industry (PCI) Data Security Standard (PCI DSS) is intended to protect cardholders' account and transaction data. Merchants who do not comply may face restrictions imposed by the card brands and may be fined. American Express®, Discover® Card, MasterCard International®, and Visa® U.S.A. all require merchants and service providers to comply with the PCI standard and to validate that compliance through quarterly vulnerability scans and annual audits or self-assessments.

PCI compliance requires merchants, processors, and acquirers to secure every system that stores, processes, or transmits cardholder data, not only the database itself, against intrusion. The goal is a single, common set of data protection controls, measurements, and compliance validation processes shared by all of the card brands.


Effective Security Management Includes:
Build and maintain a secure network: firewalls between cardholder systems and untrusted networks, no vendor-default passwords or settings, disciplined system patching, and contingency planning.
Protect cardholder data: render the account number unreadable wherever it is stored (encryption, truncation, tokenization, or strong hashing), encrypt it whenever it crosses a public network, and never retain sensitive authentication data (CVV2/CVC2, full magnetic-stripe or chip data, PINs) after authorization, not even in encrypted form.
Maintain a vulnerability management program: anti-virus on commonly affected systems, timely security patches, and periodic network vulnerability scanning.
Implement strong access control measures: need-to-know access to card information databases, a unique ID for every user, and physical controls on the systems that hold the data.
Regularly monitor and test networks: log all access to cardholder data and test security systems and processes.
Create and enforce an information security policy.


PCI Requirements for Merchants:

Merchant   Description                                        Validation Action
Level 1    Over 6,000,000 transactions per year, or           Annual on-site audit and quarterly remote
           designated Level 1 risk by a payment card brand    scans of their web sites and servers
Level 2    150,000 to 6,000,000 transactions per year         Annual self-assessment questionnaire and
                                                              quarterly remote scans
Level 3    20,000 to 150,000 transactions per year            Annual self-assessment questionnaire and
                                                              quarterly remote scans
Level 4    Fewer than 20,000 transactions per year            Annual self-assessment questionnaire and
                                                              quarterly remote scans (both highly recommended)


To validate compliance with PCI requirements, a merchant doing fewer than 6 million transactions a year will need to do the following:

(a) Render all stored cardholder data unreadable, normally by encrypting the account number before storage, and never store CVV2, full track data, or PINs after authorization
(b) Complete an annual self-assessment questionnaire (SAQ)
(c) Have quarterly external vulnerability scans of the Internet-facing IT infrastructure performed by an Approved Scanning Vendor

Note that (b) and (c) are how compliance is validated; they do not replace meeting the full set of PCI DSS requirements, which (a) is only the most visible part of.




How Nodus Can Help Your Business Become PCI Compliant:

Nodus now provides a complete solution to help merchants meet PCI compliance requirements. Our PCI Compliance offering consists of a free quarterly security scanning service together with an ongoing software enhancement, Credit Card Encryption (CCE).

(a) Credit Card Encryption is essential to meeting PCI compliance requirements. Nodus' Credit Card Encryption program is a must for companies that need to store credit card information in Microsoft Dynamics GP. CCE encrypts all credit card information stored in the Great Plains customer database with a 256-bit key, and restricts who may decrypt it, so that access to the database alone does not expose card numbers to unauthorized users.
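To make concrete what "encrypt stored card data with a 256-bit key and restrict decryption" (the Credit Card Encryption point above) and requirement (a) in the checklist mean in practice, here is an added example written for this page. It is not Nodus' Credit Card Encryption product or any code from it, and it says nothing about how CCE is implemented inside Dynamics GP. The Go program stores a card record the way a PCI-conscious application would: it Luhn-checks the account number, refuses to store a CVV at all, encrypts the PAN with AES-256-GCM under a 32-byte key, keeps only the last four digits in the clear for display, and decrypts only for a named role. The vault type, the role names, and the key generated in main are assumptions for the example; a real deployment would fetch the key from a key-management system or HSM, never generate or keep it beside the database.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// CardInput is what an order-entry screen hands to the vault. The CVV field
// exists only so the vault can demonstrably refuse it: PCI DSS forbids
// retaining sensitive authentication data after authorization, even encrypted.
type CardInput struct {
	PAN    string // primary account number; spaces and dashes tolerated
	Expiry string // MMYY
	CVV    string // must be empty by the time a record is stored
}

// StoredCard is the at-rest form: the PAN is AES-256-GCM ciphertext with the
// nonce prefixed, and only the last four digits are kept readable.
type StoredCard struct {
	PANCiphertext []byte
	Last4         string
	Expiry        string
}

// Vault wraps the AEAD built from the 256-bit key (assumed type for this example).
type Vault struct {
	aead cipher.AEAD
}

// NewVault requires exactly 32 bytes, i.e. a 256-bit AES key.
func NewVault(key []byte) (*Vault, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead}, nil
}

func normalizePAN(pan string) string {
	return strings.NewReplacer(" ", "", "-", "").Replace(pan)
}

// luhnValid rejects typos and junk before anything reaches the cipher.
func luhnValid(digits string) bool {
	if len(digits) < 13 || len(digits) > 19 {
		return false
	}
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		c := digits[i]
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// Store validates the input, refuses sensitive authentication data, and
// encrypts the PAN. The expiry is bound in as associated data so a ciphertext
// cannot be copied onto a record with a different expiry without detection.
func (v *Vault) Store(in CardInput) (StoredCard, error) {
	if in.CVV != "" {
		return StoredCard{}, errors.New("refusing to store CVV: sensitive authentication data may not be retained")
	}
	pan := normalizePAN(in.PAN)
	if !luhnValid(pan) {
		return StoredCard{}, errors.New("invalid PAN")
	}
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredCard{}, err
	}
	ct := v.aead.Seal(nonce, nonce, []byte(pan), []byte(in.Expiry))
	return StoredCard{PANCiphertext: ct, Last4: pan[len(pan)-4:], Expiry: in.Expiry}, nil
}

// decryptRoles is the restricted-access list (assumed role name for the example).
var decryptRoles = map[string]bool{"payments-processor": true}

// Reveal is the only path to a full PAN: the caller's role is checked first,
// and GCM's tag check then rejects any tampered ciphertext or expiry.
func (v *Vault) Reveal(sc StoredCard, role string) (string, error) {
	if !decryptRoles[role] {
		return "", fmt.Errorf("role %q is not permitted to decrypt cardholder data", role)
	}
	ns := v.aead.NonceSize()
	if len(sc.PANCiphertext) < ns {
		return "", errors.New("ciphertext too short")
	}
	pt, err := v.aead.Open(nil, sc.PANCiphertext[:ns], sc.PANCiphertext[ns:], []byte(sc.Expiry))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// Masked is what reports and customer-service screens show; PCI DSS permits at
// most the first six and last four digits in the clear on a display.
func (sc StoredCard) Masked() string {
	return "************" + sc.Last4
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // constructed demo key; a real key comes from a KMS/HSM
	v, _ := NewVault(key)
	sc, err := v.Store(CardInput{PAN: "4111 1111 1111 1111", Expiry: "1230"}) // constructed test PAN
	fmt.Println("stored:", sc.Masked(), err)
	_, err = v.Reveal(sc, "clerk")
	fmt.Println("clerk reveal:", err)
	pan, err := v.Reveal(sc, "payments-processor")
	fmt.Println("processor reveal:", pan, err)
}
```

The key property a reviewer should check in code like this is that no code path writes the PAN or CVV in the clear anywhere (logs included) and that decryption is reachable only through the role-checked function; everything else can read the masked form.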

(b) Nodus has partnered with the industry leader, ScanAlert, to offer a quarterly scanning service with PCI compliance certification that gives merchants peace of mind. ScanAlert is the only security scan vendor independently certified to the highest level of Visa International's CISP security standard. The ScanAlert Certified PCI Compliance Program includes:

Unlimited security scans of up to 6 domains or IP addresses
Full vulnerability remediation support from CISP-certified security specialists
Assistance completing your self-assessment questionnaire
Assistance preparing a compliant security policy

Using Nodus' Credit Card Encryption together with ScanAlert's interactive self-assessment form and full technical support, many clients successfully complete the program within a few hours of enrollment!

This product supports both the Standard and Professional versions of Microsoft Dynamics GP, as well as Microsoft Small Business Financials. For information about Credit Card Encryption and how to become PCI compliant, please email Nodus or call: (909) 482-4701.




It is imperative that you act now to become compliant with the PCI security standards, to avoid potential fines and being barred from accepting credit card payments. Visa and MasterCard have imposed fines of more than $500,000 per event for non-compliance and data security compromises.

For more information about the PCI Data Security Standard and compliance requirements contact your acquiring bank or payment service provider:

VeriSign: http://www.verisign.com/products-services/payment-processing/pci-compliance.html

Visa: http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_merchants.html


For more information - Contact Nodus or call us directly at: (909) 482-4701.