Navigate Up
Sign In
PCI DSS
Plante Moran is a PCI approved scanning vendor (ASV) and our team of technology experts with experience in retail can help you through the 12 PCI DSS requirements ensuring your compliance with payment card industry regulations.

PCI DSS Compliance

Can you imagine doing business without credit, debit, and gift cards?

If you offer your customers the convenience of using a payment card whether it is a credit card, debit card, gift card, or a special card with your logo on it, you need to comply with the Payment Card Industry Data Security Standards (PCI DSS).

What is PCI DSS?

PCI is an industry group created by Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services, and JCB International. To protect their cardholders from the increasing number of incidents of identity theft and security breaches, they have developed Data Security Standards (DSS) by which all organizations, small and large, that accept, process, transmit, or store credit card data must comply.

Who needs to comply?

Or put simply, if you accept any kind of payment card, PCI DSS compliance is required. To date, the Payment Card Industry has focused compliance on larger merchants. However, due to recent increases in identity theft incidents, the card issuers are moving toward enforcing full PCI DSS compliance by all affected organizations.

PCI DSS compliance levels
DEFINITION



(# of transactions per annum)




Self Assessment Questionnaire
COMPLIANCE REQUIREMENTS*


Network Security Scan by an ASV




On-Site Audit by a QSA
1 More than 6 million N/A Required Quarterly Required Annually
2 1 to 6 million Required Annually Required Quarterly N/A
3 20,000 to 1 million Required Annually Required Quarterly N/A
4 All others Required Annually Required Quarterly N/A

* This is Visa, Inc.'s standard

Penalties for noncompliance are steep

Penalties for noncompliance with PCI DSS requirements include a hold on your ability to accept payment card payments; increased scrutiny for the next year; and fines which can be as high as $500,000 or more per incident. Plus you open yourself up to potential legal liability from effected card holders due to lack of compliance with required payment card data handling security standards.

How can Plante & Moran help?

We are a PCI Approved Scanning Vendor (ASV) and a PCI Qualified Security Assessor (QSA). Our PCI specialists can help determine your PCI DSS compliance level, walk you through the self-assessment questionnaire, and/or complete the quarterly network security scans. Our services include:
  • PCI DSS health check, including determining the level of compliance
  • Network security scans (external, internal, wireless, etc.)
  • Penetration testing (external and internal)
  • Web application testing
  • Annual compliance certification

A glossary of terms:
  • PCI: Payment Card Industry
  • DSS: Data Security Standards
  • QSA: Qualified Security Assessor
  • ASV: Approved Scanning Vendor
  • SAQ: Self Assessment Questionnaire

“It was tough when we managers were going through the process of developing an ESOP and buying eight grocery stores from the owner. The Plante & Moran team made sure everyone was taken care of. And we continue to rely on them. They help us deal with day-to-day balance sheet issues as well as cost cutting and cash flow modeling. They seem to be always looking out for us and encourage us to look at the bigger picture. We appreciate how deeply they are committed to our success.”

CEO/President

Specialty Gourmet Grocery Chain



ssae16