PCI Security IT
Support Hotline:
877-270-5557
Inquiries:
877-270-5557
 



PCI Simple

A program to bring PCI Compliant IT simply and easily to small businesses

For merchants that process credit cards, the PCI standard must be followed.  Zirius brings a business through the certification process, reducing the complexity of its requirements and SAQ level when possible. We explain how below, along with helpful information for anyone going through PCI certification.

The small business PCI challenge

To a small business, PCI can be scary and overwhelming. It can also be difficult for a business without its own IT staff to be confident it has taken the correct steps, since a large part of the certification process involves the business testifying that it has taken "appropriate" measures to provide specific protections, monitoring and review. The challenge increases because the requirements are written in the language of big-company information technology. For most small companies and many IT consultants, it is pretty thick stuff to wade through.

What is the PCI standard?
The PCI standard is actually four different standards, which (from least complicated to most complicated) are levels A, B, C, and D. The level you are required to fulfill is defined by your business office practices. Those practices, especially whether you store cardholder data like card account numbers, determine which level of SAQ you must satisfy.

The SAQs address several areas:  
  • That you have written down and distributed to your employees the business process policies and IT policies that PCI wants to see addressed. In completing the SAQ, you commit to run your business according to them.
  • That computer and IT steps are taken to reduce the risk that cardholder data could be stolen.
  • That ongoing steps are taken (in certain cases) to verify the status of the IT systems you have in place, and the reliability of the policies you are using.
  • That documentation (in some cases) be kept of changes made to your business procedures and IT systems.
These requirements were written by computer professionals who understand the ways of very large companies, but they do not show much appreciation of the challenges and budget of the small business, and they tend to dictate how you must solve each issue. In many cases, the tools they expect you to use are the tools of the large companies, which probably do not work well for your smaller business.

Of course, most small businesses are not ready for all that. And most IT consultants have no knowledge of the PCI standard and no idea what a smart PCI compliant solution would be. Some PCI solutions for small business get stuck using a big company that is expensive and demanding for a small business environment.

Navigating the four different PCI security standards.

Zirius organizes the approach to find the easiest path for your  certification, and then plugs in a pre-defined solution that gets you certified. 

Zirius first looks for the simplest and easiest path to certification for your business. That may mean a simple change to your business process that could move you from an SAQ C or D level to an SAQ A or B level and save you thousands of dollars in PCI compliance requirements. We will also discuss with you the changes and the costs for you to become PCI compliant as you currently operate.

We always suggest ways for you to meet the requirements for the lowest cost.  Most important in this area is to not store the cardholder data inside your own network. Often this will bring you to the SAQ level by itself. You would need to use a service through a web browser that allows you to charge customers online once or with a recurring charge. The PCI standard calls this a "Secure Virtual Terminal". The cost of this service may be only $10 to $50 per month, and may bring your PCI compliance costs down from thousands yearly (and more for initial compliance) to five hundred or so yearly.

Zirius recommends Billing Orchard for this, and we have used it ourselves for several years.  It allows you to stop charging credit cards in house or entering the numbers in your computers because you do them in a "web application" that handles it for you at a large PCI compliant facility. It gets you to the easiest PCI Level "A" quickly, and it is
  • simple to use,
  • inexpensive,
  • totally secure and private,
  • handles recurring or one-time credit card charges easily,
  • gives you a professional look to your clients, and
  • costs about $20/month for most businesses.
It also comes with a free trial. For reviews, click here.

At the same time, we will give you a review of your current computer security, separate from the PCI requirement. Keep in mind that PCI is not a complete security solution for small businesses. We will let you know if you still have areas of concern.

We also  plug in elements of  big company style IT when necessary, and manage them from our offices, as though you were an office of a large corporation. This gives you the big company security step that PCI wants, but you only pay a modest monthly fee.  

In cases where PCI requires that you have something done on a periodic basis (say, a quarterly internal scan of your wireless network for security risks), Zirius sets the timer and makes sure the task is done. We send you the report.

For those policies you are required to create, Zirius gives you the policies you need, already written in layman's language. We review them with you to identify any changes you might need to make to adapt them to your style of doing business. 

We get you set up. We have a system. We bring you to certification.

Most customers pay a monthly fee and an initial setup fee. The amounts vary, depending on the office practices you need. The cost could be as little as a few hundred dollars.

PCI isn't easy, but we make it easier on you and on your budget.
 



Give us a call for more information.
877-270-5557 Option 2
MSP Alliance member
Certified Microsoft Small Business Specialist