PCI Compliance FAQ
What is PCI Compliance?
All merchants processing, transmitting, or storing credit card data were
required to comply with the new Payment Card Industry (PCI)
Data Security Standard (DSS) by June 30, 2005. The level of compliance
required is based on several criteria.
The Payment Card Industry highly recommends voluntary compliance for all
merchants accepting credit cards online. Failure to comply with these
new security standards may result in substantial fines or permanent
expulsion from card acceptance programs.
What are the Requirements for PCI Compliance?
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to
protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system
passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open,
public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business
need-to-know
Requirement 8: Assign a unique ID to each person with computer
access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources
and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information
security
Do I need to become compliant?
Any company that accepts, processes, or stores credit card
information needs to comply with the standards set by the Payment
Card Industry.
What kind of a scan needs to be performed?
Vulnerability Assessment Scans must be performed by Payment Card
Industry Approved Scanning Vendors (ASV). The scan will be performed
over all externally facing IP addresses that touch the credit card
acceptance, transmission and storage process. Scans must be turned
in to the merchant bank on a quarterly basis.
How long does it take to become compliant?
The PCI compliance process can take anywhere from one day to two
weeks. The amount of time it takes for a company to be considered
PCI Compliant depends on the threats the PCI scan discovers and
the amount of time it takes to complete the self-assessment
questionnaire.
How do I report compliance?
Both the passing PCI Scan and Annual Self-Assessment Questionnaire
should be turned in to your merchant bank. Your merchant bank will
then report back to the Payment Card Industry that your company is
PCI Compliant.
What happens if I am not compliant?
Failure to comply with the Payment Card Industry security standards
may result in heavy fines, restrictions or permanent expulsion from
card acceptance programs.
What are my specific requirements for PCI Compliance?
The requirements for becoming Payment Card Industry (PCI) Compliant
are dependent upon the merchant level that a company falls under.
Merchants are divided into four different levels based on the number
of transactions they process throughout a year.
Level 1 Criteria
Merchants with over 6 million transactions a year
Merchants whose data has been compromised