03 Apr 2017

There are a ton of people out there who hear about hacking and assume that since they’re an average person at a small company, they’ll never have to worry about cybercrime. In their mind, as long as they protect their identity online and cancel any lost credit cards, they’ll never have to deal with the hassles of practicing sound cybersecurity. Well, if you know any of those people, or happen to be one of them, there’s something you should know. Anyone with knowledge of the cybersecurity field will tell you that no one can slack on their cybersecurity because everyone is a target.

Don’t believe it? Visa does. That’s why they recently changed PCI DSS to include level 4 merchants. What does that mean for you? It means that thanks to the high amount of cybercrime, most companies are now going to have to comply with PCI DSS code, and if you and your company don’t know what that means, you need to keep reading unless you want to get caught off guard.

PCI DSS stands for the Payment Card Industry Data Security Standard. In the early 2000s, online commerce and web infrastructure were kind of like the Wild West because the internet on such a massive scale was so new back then. That meant that companies couldn’t reliably do business online or process credit card transactions, but that changed after Visa and other large credit card companies released the first version of PCI DSS in 2004. Ever since, companies that wanted to do business with people who carried Visa cards have had to be PCI DSS compliant. Compliance requirements under PCI DSS have always been less stringent for smaller companies and stricter for larger ones, but due to the rise in cybercrime and the effectiveness of modern breaches, Visa just made a big change that everyone needs to know about.

Under PCI DSS, companies have their own levels of compliance based on their merchant levels. The largest companies are level 1 while the smallest are level 4, with everyone else in between. In the past, level 4 merchants’ compliance was simple, but as of January 31st they’re now required to fill out an annual self-assessment questionnaire (SAQ) and send it to their bank. In the past couple of months, level 4 merchants have discovered that filling out an SAQ is no walk in the park. Until recently, level 4 merchants were excused from filling out an SAQ because the questionnaires can contain over 500 questions that cover everything from the name of the business to complex network infrastructure. That’s why it’s not uncommon for a company to spend weeks filling one out, and if they don’t, whoever is in charge could be in big trouble. The consequences of failing to be PCI DSS compliant include audits, fines, and remediation costs, so when someone signs on the dotted line they had better be 100% sure about their company. Perhaps the worst punishment for failing to be PCI DSS compliant is that if you’re found to be responsible for a breach where data was compromised, you will be bumped up to a level 1 merchant, and that means you have to do the amount of work that a company that processes more than 6,000,000 Visa transactions every year does, even if you only do 15,000.

Don’t risk not taking PCI DSS compliance seriously. Small businesses all over are finding out that being compliant isn’t something you can do by simply Googling the answers. If you’re not an IT professional and your company is struggling to be PCI DSS compliant, find someone who knows the ins and outs of compliance and hire them immediately. No matter what it costs you, it’s worth it considering the massive headache you’ll have to deal with if you fail.
