HA&W
404-892-9651

PCI Services

Anyone who has tried navigating the myriad of available guidance on PCI compliance knows how confusing it can be. Just trying to figure out where to start and which forms to use can send most companies running for an expensive assessor, often resulting in an overkill-ridden, budget-busting experience. While QSAs are an essential component of some PCI compliance efforts, they are not mandatory. With the proper guidance, the majority of companies can handle a significant portion of their PCI compliance on their own, greatly reducing their costs. While this may seem drastic to some, it is the precise reason the governing bodies allow firms processing up to 1 million transactions annually to perform a self-assessment. (See chart below.)

| Level / Tier | Merchant Criteria | Validation Requirements |
| --- | --- | --- |
| 1 | Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region | Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”); Quarterly network scan by Approved Scan Vendor (“ASV”); Attestation of Compliance Form |
| 2 | Merchants processing 1 million to 6 million Visa transactions annually (all channels) | Annual Self-Assessment Questionnaire (“SAQ”); Quarterly network scan by ASV; Attestation of Compliance Form |
| 3 | Merchants processing 20,000 to 1 million Visa e-commerce transactions annually | Annual SAQ; Quarterly network scan by ASV; Attestation of Compliance Form |
| 4 | Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually | Annual SAQ recommended; Quarterly network scan by ASV if applicable; Compliance validation requirements set by acquirer |

Our PCI professionals are available to meet a variety of your organization's PCI DSS compliance needs. From PCI DSS Readiness Assessments to PCI Policy and Procedures, our methodology will allow HA&W to assist in getting you where you need to be, using a customized approach that is scalable and cost-effective.

Available PCI Services include:

For more information about The Payment Card Industry (PCI) Data Security Standard (DSS) Self-Assessment Questionnaire (SAQ), you can go to the PCI Security Standards Council (SSC) web site, where the PCI SSC has published the self-assessment questionnaire for organizations needing to undertake this task.

DANIEL SCHROEDER, CPA, MBA, CISA, CIA, CISM

dan.schroeder@hawcpa.com

For more information, call 404-892-9651 (Atlanta, GA) or 941-955-4429 (Sarasota, FL) or send email to info@hawcpa.com. Atlanta, GA: Five Concourse Parkway Suite 1000 Atlanta, GA 30328. Sarasota, FL: 1990 Main Street, Suite 750 Sarasota, FL 34236. Copyright © Habif, Arogeti & Wynne, LLP. All Rights Reserved.