If you’re in PCI pain, here’s how you can get some relief.

By Reported Donna Loyle

Many of the requirements involve common sense, Botelle continues. “For example, do criminal background checks on employees who take and can view customers’ credit card numbers. And keep credit card numbers in locked rooms to which only managers have keys.”

What about the quarterly online scans? As part of the compliance process, Levels 1, 2 and 3 merchants must have all of their external IP addresses scanned quarterly for vulnerabilities. (The scanning process is recommended, but not required, of Level 4 merchants.) The Network Security Scans must be conducted by a third-party compliant security-scanning vendor. Ask your acquirer for the list, or scroll to the bottom of this article for a link to the list.