To help mitigate card payment fraud, the PCI Security Standards Council (PCI SSC) launched a set of requirements in 2006 to ensure all companies that process, store or transmit credit card. com EDITOR’S CHOICE A file storage, sharing, and transfer service that is HIPAA compliant. 2 The Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality, integrity, and availability of e-PHI. One of the best HIPAA-compliant credit card processing solutions is to choose the processor very thoroughly. Posted By Steve Alder on Jan 1, 2023. There are three sets of requirements included in the HIPAA Security Rule. HIPAA was enacted by the US congress in 1996. For HIPAA-covered entities that use PHI during video calls and payment processing, compliance with the HIPAA privacy, security and breach notifications rules is a must. They are directly engaged in creating and transmitting PHI through the performance of the treatment or other procedures and the acceptance of HIPAA compliant credit card processing. However, at the present time, it is only available for qualified, licensed therapists and is not a service every Covered Entity can take advantage of. All transactions (including e-commerce) that involve the processing of payment card data (debit and credit cards) are required to utilize the Boston University Cashier System. In addition to a device/password inventory, basic precautions and configurations should also be enacted (e. Given the amount most therapists charge per session, this change ends up costing us less! For card-not-present payments, you can manually key in your. PCI DSS meaning. Successfully implementing HIPAA-compliant payment processing, such as Dental Intelligence's payment solution, will keep your patients' private information secure. g. PCI employs a continuous three-step process to achieve and maintain security compliance. Square: Best Online Credit Card Processing For Low-Volume & New Businesses; 2. Rectangle Health’s points of PCI compliance for healthcare aligns to specific HIPAA considerations. To simplify a definition of what is considered PHI under HIPAA: health information is any information relating a patient´s condition, the past, present, or future provision of healthcare, or payment thereof. Issued by: Centers for Medicare & Medicaid Services (CMS) Issue Date: August 02, 2020. To resolve this issue there are several HIPAA compliant payment processing options you can employ: 1. Our rigorous audit procedures and compliance certifications allow us to meet or exceed all top industry standards, including HIPAA, HITRUST, PCI, NIST and more. Helcim : Best All-in-One Platform. We’ll briefly review PCI compliance and its main requirements, and provide a list of easy best practices you can. In the preamble to the Security Rule, several NIST publications were cited as potentially valuable resources for readers with specific questions and concerns about IT security. The HIPAA Security Rule specifically focuses on the safeguarding of. Helcim’s pricing structure rewards high-volume merchants by charging a lower margin as the number of transactions being processed each month increases. Main menu. This will ensure your patient data is stored and transferred securely, and only authorized professionals can access it. What types of payments are HIPAA compliant? Credit cards. You can’t use just any invoicing software for this. Build protocols your firm will follow to comply with each PCI regulation listed earlier in. With our built in claims integration you gain access to submit eclaims and track. If data is encrypted: here’s what you’re allowed to store: PAN (Primary Account Number) (e. #payment #finance #healthcare Keenethics on LinkedIn: HIPAA-Compliant Credit Card Processing Practices | KeenEchicsThere is disagreement about the best HIPAA compliant password policy to implement, including the format of passwords and the frequency of password changes and the best way of securing them. 4. TranscribeMe uses advanced AI technology as well as professional transcriptionists. 0 Excellent. Why Do You Need HIPAA-Compliant Credit Card Processing? 7 Best Healthcare Payment. As of November 2019, Square updated its pricing as follows: For in-person transactions, Square charges you 2. It’s why Chase handles over $1 trillion in annual processing volume. – Most versatile processor with no monthly fee. , 5/18) Service code (Note: You can’t actually see this data on a physical card because it resides in the magnetic stripe)These standards, known as the HIPAA Security Rule, were published on February 20, 2003. The Payment Card Industry Data Security Standard (PCI-DSS) is a binding set of requirements for any organization that processes or stores credit card information. Credit card. PCI compliance is divided into four levels, based on the annual number of credit or debit card transactions a business processes. There is a $10,000 penalty per violation, an annual maximum of $250,000 for repeat violations. The Payment Card Industry Security Standards Council (PCI SSC) sets the PCI Data Security Standard (DSS) to protect cardholder data, applicable to entities handling such data. There has been much fear, uncertainty and doubt on the part of retailers about the best way to secure their customer credit card information from hackers, coupled with frustration and resistance. Click above to enter your information and a payments expert will contact you, or call 877. The issue of how to secure patient information and PHI is challenging because HIPAA does not require all patient information to be secured. Discover the best credit card processing companies and learn how to evaluate them based on pricing structures, fees and how credit card processing works. If you don’t offer your clients a way to pay you that’s compliant with HIPAA. g. If you work with private health information in any form, you need to keep it protected. S. We chose National Processing as the best credit card processor for low transaction rates because its interchange-plus rates are low compared to other processors. 40% plus 8 cents in. com EDITOR’S CHOICE A file storage, sharing, and transfer service that is HIPAA compliant. I may not know what I am talking about, so I welcome input! Executive summary: if your financial services vendor does more for you than swipe your credit cards - such as storing card numbers, mailing collection letters, setting up payment schedules. The link between HIPAA and credit card processing. , John Smith) Expiration date (e. g. It allows you to collect no-swipe credit card payments at a flat rate of 2. Card networks allow health care providers to dispute chargebacks without violating HIPAA compliance, and much of the same information. Being PCI compliant tells major credit card companies and banks that you’re a reliable organization. , 16 digit number on front of card) Cardholder name (e. IRS Mandate (Section 6050W): Mandates the reporting of sales made with a credit or debit card to the IRS. 5 in our Best Credit Card Processing Companies of 2023. You’ll find that payment providers already have a ton of safeguards. g. The HIPAA Rules, including the business associate provisions, do not apply to banking and financial institutions with respect to the payment processing activities identified in §1179 of the HIPAA statute, for example, the activity of cashing a check or conducting a funds transfer. Payment processing. Enables organizations to detect, prevent, and remediate data breaches. These Are the Best Credit Card Processors for Therapists in 2023. For HIPAA violation due to willful neglect, with violation corrected within the required time period. Card networks allow health care providers to dispute chargebacks without violating HIPAA compliance, and much of the same information that would. HIPAA Journal's goal is to assist HIPAA-covered entities. In order to keep patient information safe and secure, you must consider a variety of practices to maintain HIPAA compliance and protect all data points. Want a better credit card processor? Read detailed reviews of 40 of the best credit card processing companies, including prices, fees, and terms. Generate an invoice, superbill, or claim. PCI Compliance: Technical and operational standards that businesses are required to adhere to in order to ensure that cardholder data is protected. Interchange-plus & membership pricing. Once you have become properly set up, accepting patient credit and debit cards should be a breeze. Please contact the Cashier Services at (617) 353-3896, or via via the new Financial Affairs Customer Service Portal, for further information regarding Cashier System. No plugins, no passwords, no extra steps. This includes any ecommerce business as well as payment processing companies, cloud storage companies, and more. The secure customer vault is a great solution for any merchant that needs to save credit card or checking information to use for future payments. Stax is the No. Psychologists and psychotherapists now provide services virtually, making traditional payment methods obsolete. Here is the list of the best HIPAA compliant solutions: Files. Stripe is a payment processing company that offers a HIPAA-compliant solution for businesses that need to process PHI. There is no one “right” answer. No plugins, no passwords, no extra steps. All Features from Forms Only. The best virtual terminal credit card processing provider should be able to process different payment methods and transaction types. Want to learn more about our payment processing solutions? Call us today at 800. Practice Management $ 74. Compare HIPAA Compliant Email software user reviews, pricing, features, and more. Payment Card Industry Data Security Standards (PCI DSS) compliance ensures companies adhere to a set of 12 requirements developed by the PCI Security Standards Council. Requirement 5: Protect All Systems and Networks from Malicious Software. Free Trial: No. We have you covered with a wide range of options to accept credit cards. Here’s each step you need to consider to make sure you’re complying with HIPAA regulations. Feedback. Advanced permissions. As a result of this sizable breach, the business was forced to stop processing major credit cards for 14 months and had to. Please contact the Cashier Services at (617) 353-3896, or via via the new Financial Affairs Customer Service Portal, for further information regarding Cashier System. PCI compliance is. Start saving time by asking your patient for Insurance and ID information directly on your new patient form. Research Credit Card Processing Reviews. Square provides a business associate agreement (BAA) in which it commits to operating in accordance with HIPAA guidelines. Credit Card Processors; Hi Risk Processing; Mobile Processing Apps; Online. Improperly storing customer credit card information can also be costly, with penalties, fines, and possible legal action against your firm. 5% to 3. 1952. 6717 Fill out our contact form. Report — documenting assessment and remediation details, and submitting compliance reports to the acquiring bank and card brands you do business with (or other requesting entity if you’re a service provider). You can use Stripe and be HIPAA compliant. The key differences between these two compliance standards are: Covered entities —HIPAA applies to healthcare organizations or practitioners and their business partners in the US only. Automated superbills. Summary. Dedicated success manager. doxy. Stax: Best Credit Card Processor for High-Revenue Businesses. Treati. All plans support group therapy and have in-session chat. Automated superbills. InstantPay. Core Financial Processing merchants provide HIPAA-compliant credit card processing for surgeons to ensure that all the transactions made at their medical centers are safe and secure. What We Look For in the Best Credit Card Processing for Therapists; 1. The PCI Security Standards Council helps protect payment data through industry-driven PCI SSC standards, programs, training, and lists of qualified professionals and validated solutions and products. ACH payments Yes, TheraPlatform complies with physical, administrative, and technical HIPAA regulations and with the HIPAA Security Rule. Even if an organization processes just four credit card transactions a month, it must be PCI compliant. You won’t find anything else this good at this price point. com EDITOR’S CHOICE A file storage, sharing, and transfer service that is HIPAA compliant. 3) What Square is doing is now giving us a previously-missing piece of the puzzle that would allow us to make full use of Square’s features and remain. How to Select a HIPAA-compliant Survey Tool. TheraNest. The processor’s fee is the same for all in-person credit card payments and typically averages 2. All data is encrypted and stored securely using Amazon Web Services. Find out what credit card processing systems are best for your practice with MONEXgroup. Best for: Integrations available with Zoom, Facebook Mailchimp, and over 1500 other apps. Our ratings consider factors such as transparent pricing. Several overlap with those required to meet GDPR, HIPAA and other privacy mandates, so a few of them may already be in. 6 position in our Best Credit Card Processing Companies of 2023 rating. Free Trial: No. Automate Appointments for Efficiency and Convenience. 3. There are important HIPAA and other privacy issues to keep in mind, and processing fees to consider. Credit cards. Some medical offices require patients to pay in person by swiping credit cards or HSA (Health-Savings Account) cards through a terminal. Key Features: Sync. The solution is HIPAA compliant and offers a secure platform, video conferencing, and virtual waiting room features. On the surface, they do offer the convenience of credit card processing, keeping a customer’s card on file, HIPAA-compliant video conferencing, and invoicing software on just one platform. What you didn't hear in any of that summary was a mention of credit card processing services. Complete liability protection is ensured from the. Looking for HIPAA-compliant credit card processing? Here’s what you need until know about healthcare fees & HIPAA, plus an 7 best options. 2. TherapyNest billing features include: claims management. The Durbin Amendment: changed the fees merchants must pay in an online transaction. The corporate security strategy offered by our platform is among the most robust in the credit card processing industry. HIPAA compliance helps maintain patient health information privacy and security, while PCI-DSS compliance secures credit card transactions and cardholder data. View a comparison of the best HIPAA Compliant Email software in 2023. Be sure to consult with the POS provider about a BAA. 3. PaymentCloud: Best Online Credit Card Processing For High-Risk Businesses; 3. But when it comes to protecting HIPAA data, the necessary security and features become even. Level 2: Businesses that process. Accreditation. Maintaining PCI compliance and HIPAA compliance can help healthcare organizations protect all forms of patient data, from medical information to credit card numbers. 99. How To Offset Or Lower Your Credit Card Processing Fees - March 14, 2023. It is a useful resource for anyone who handles payment card data or operates. 5 in our rating of the. Our ratings. Want to learn more about our payment processing solutions? Call us today at 800. Level 1: Applies to merchants processing more than six million real-world credit or debit card. g. 5 in our rating of the. Credit card processing services are explicitly excluded from the requirements of HIPAA. HIPAA Security Rules for Dental Offices. PCI DSS applies to all businesses that process credit card transactions worldwide. October 18, 2023 Inside this Article Finding the right credit card processor is challenging for any business, but if you’re in the healthcare sector, there’s even more to consider. me. Maintaining payment security is serious business. Additionally, if Protected Health Information (PHI) is secured too much, it can prevent the flow of information needed to perform treatment, payment, and healthcare. Partner with us for merchant services and payment processing with the best support. PCI security standards council requires any. In order to sign up for the service, Ivy. it offers one flat rate for all major cards, just 2. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. It’s important to do the investigative work to determine if your invoicing software is HIPAA-compliant. If you run PCI-compliant or HIPAA-compliant workloads that are based on the AWS shared responsibility model, we recommend that you log your CloudFront usage data for the last 365 days for future auditing purposes. This includes agreeing not to use or disclose protected health information (PHI) in any way that isn’t permitted under HIPAA. The standard is administered by the Payment Card Industry Security Standards Council, and its use is mandated by the card brands. Stripe: Best for omnichannel businesses. Corepay Review - May 25, 2023. This method offers a secure telemedicine payment processing gateway. Clinical Notes. Here is the list of the best HIPAA compliant solutions: Files. The following is the per-month pricing structure for Helcim: $0 to $50,000: 0. It is intended to protect both cardholder data and authentication data with requirements that help prevent, detect, and react to security incidents. FrontRunners 2023. Although processing payments through a credit card processor can generate personally identifiable information, Health and Human Services (HHS) have stated that collecting payments is excluded explicitly from HIPAA mandates. 5. The flat rates are: Domestic credit and debit card payments: 2. Dharma Merchant. TranscribeMe is a HIPAA-compliant transcription software known for its fast and accurate transcription services that cater to health care professionals and institutions. Here are 18 of the top HIPAA-compliant video conferencing services. After evaluating dozens of products, we’ve identified the eight best HIPAA-compliant CRM software: Best overall: Freshsales. In the HIPAA law, Title II, Part C, Section 1179 addresses the processing of payment transactions by financial institutions. Plus, HMS understands that medical payment processing is a lot different from payment processing in an industry like. Written by. No credit card required. Practice Management $ 74. Several overlap with those required to meet GDPR, HIPAA, and other privacy mandates, so a few of them may already be in. You can also use our free Protected Health Information Guide to learn how to safeguard your organization’s PHI. PCI (Payment Card Industry) compliance has been a cause of both great concern and great confusion to retailers. S. The Payment Card Industry Data Security Standard ( PCI DSS) is an information security standard used to handle credit cards from major card brands. Get a free payment processing audit today! 800. Sensitive information is not held on your premises or stored on. The guidelines outline a series of steps that credit card processors must continually follow. Customize the look and capabilities of the system to best suit your practice. 335. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted on August 21, 1996. PCI DSS Quick Reference Guide is a concise document that provides an overview of the PCI Data Security Standard and how to comply with it. Our panel of psychologists rate and review three popular payment processing platforms to help you find one that. Free data import support. Collect payments before or after a session. Accept Credit Cards in Private Practice Using Square | HIPAA, Processing FeesUPDATE (11-3-19): Square has changed its processing fees since I uploaded this v. Successful healthcare practices must demonstrate knowledge of security practices and must be able to effectively carry them out in order to protect client information and data. Additionally, our staff is trained on HIPAA standards. 5% to 3. 5. We’re available 7 days a week and happy to help. PCI DSS is a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe. Send and receive faxes using a fax machine and a dedicated telephone line. If you are subject to HIPAA as a Covered Entity or Business Associate (as defined in HIPAA) and use the Services in a manner that causes Square to create, receive, maintain, or transmit Protected Health Information (PHI) on your behalf, then you agree. Put another way, if the average medical practice overhead is as high as 70%, that means that in 2019, the average medical practice only had $714,000 in. The best part is that IntakeQ and Square are both HIPAA compliant, making them the perfect combination to streamline your practice. Is Ivy Pay HIPAA compliant? It is possibly the most HIPAA compliant payment processing service for Covered Entities. A PCI breach could cost anywhere from thousands to millions in fines to the credit card companies, and could result in the loss of card processing privileges, which. At Jotform, our reputation rests on our ability to provide all of our users with the highest form security. Payments. TheraPlatform has been the best of all worlds! Reasonably priced, effective HIPAA compliant teletherapy, intuitive charting options, and available in-system. They set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions. Two factor authentication has already been adopted by many medical centers and physician practices for credit card payments to adhere to the. SOC 2 Compliance. View all financial transactions from the reports tab. 5 Best HIPAA Compliant CRMs Compared. Leaders Merchant Services – Custom plans, low transaction fees and appointment scheduling integration for therapists. Accounts and More. US healthcare organizations and partners. Here is the list of the best HIPAA compliant solutions: Files. Compare Quotes. [We will be publishing reviews of three remote payment processors that can be used in a HIPAA-compliant manner in the next installment of Let’s Get Technical . HIPAA and PCI DSS overlap in the end goal—protecting sensitive data from being stolen or shared improperly. Prices for paid subscriptions vary based on selected region and duration, starting from $16. This exemption is based on the understanding that credit card processing services deal exclusively with card payment information and do not involve the storage, handling, or transmission of health records or electronic protected health information (ePHI). Whatever entry method you choose, our system securely stores all credit card data on a PCI-compliant server. Credit card processing is the foundation of any retail business. Level 1: Applies to merchants processing more than six million real-world credit or debit card. Credit card processing services are explicitly excluded from the requirements of HIPAA. 10to8 is an appointment scheduling software that helps businesses communicate with their clients efficiently, reducing no-shows and effectively managing time-consuming admin tasks. Upon discovery of the breach, the email account was immediately. Being HIPAA compliant when dealing with payment processing is absolutely essential in healthcare. Get Started Free. Here is the list of the best HIPAA compliant solutions: Files. 2. PCI DSS was created to increase controls around cardholder data to reduce credit card fraud. It becomes individually identifiable health information when identifiers are included in. com supplies customers with a Business Associate Agreement to enforce HIPAA compliance. Automated invoicing. Payment processing. This includes administrative safeguards, technical safeguards, and physical safeguards. Doxy. EMV, which is named after its original developers (Europay, MasterCard and Visa), is a global credit card standard that enhances the security of in-person card transactions. 2 calls for regular vulnerability scanning from an ASV. It is the process that allows customers to pay for your products through various payment options, such as credit cards or mobile payments. Most importantly, it allows you to include various payment providers enabling customers to enter the necessary information and confirm the transaction themselves. Health plans (including insurers, HMOs, Medicaid, Medicare prescription drug card. Also, if an organization doesn’t store credit card data, but cardholder data does pass through its server, it must comply with PCI requirements. Your organization should keep all physical copies under lock and key. The major credit card companies – Visa, Mastercard, and American Express – established Payment Card Industry Data Security Standards (PCI DSS) guidelines in. . HIPAA-related incidents have been growing in recent years. Payment Depot: Best for High Transaction Volume. The 12 security requirements for PCI DSS v3. The PJ&A data The PJ&A data breach is the second-largest healthcare data breach of 2023, having affected at least 8,952,212 individuals, including patients of Cook County Health in Illinois and Northwell Health in New York. and this is especially true for healthcare debit and credit card payment processing systems. We DO NOT collect or store personal financial data, Social Security Numbers, National Insurance numbers, or government-issued ID numbers of any kind. LightEdge is a leading IT service management company and premier provider of compliant hosting, cloud computing, data protection and colocation services. This means consumers have the right for their credit reports to be private and include only accurate information. This exemption regarding the relationship between HIPAA and credit card processing applies only to the actual card processing services. In. In addition, business associates of covered entities must follow parts of the HIPAA regulations. was $199,200, which means your medical practice credit card processing fees over 30 years would add up to nearly four one-family homes. SOC 2 + HIPAA - An independent third-party audit firm has examined the description of the system related to Application Development,. 100 million card transactions per month. Use HIPAA-compliant forms to gather the financial information you need for billing and payment processing. TransAct Ensures Your Credit Card Processing is HIPAA and PCI Compliant. The issue of how to secure patient information and PHI is challenging because HIPAA does not require all patient information to be secured. HIPAA compliance is a process you complete internally, and failure to do so results in penalties and fines. If your business accepts payment cards with any of the five members of the PCI SSC credit card brands — Visa, Mastercard, Discover, American Express, Discover, JCB — then you are required to be PCI compliant within various levels, as determined by your transaction volume. It becomes individually identifiable health information when identifiers are included in. Almost 9 million patients have been affected by a cyberattack on the transcription service provider, Perry Johnson & Associates. Online: 2. The first step is to assess your current payment processes and system security. Secure Customer Service Cover your bases. Square: Best For New Startups. 2. Leaders Merchant Services – Negotiable pricing model for healthcare practices backed by a money-saving guarantee. The latter certifies Interfax’s compliance in processing, storing, and transmitting credit card information. As a credit card processor, Helcim frequently receives inquiries from healthcare providers about HIPAA compliance. Each SAQ includes a list of security standards that businesses must review and follow. PCI DSS follows common-sense steps that mirror security best practices. 1. Free data import support. Billing for self-pay or insurance sessions, you must have a HIPAA-compliant billing process, understand the requirements and how to stay compliant Rectangle Health is a merchant account provider that offers point-of-sale solutions and payment processing services for hospitals, dentists, insurers, and other healthcare facilities. Practice Management, EMR, Billing and Telehealth Software with secure and HIPAA compliant video conferencing for therapists: mental health, speech therapists, occupational therapists, physical. PCI compliance applies globally to every merchant who accepts credit cards, debit cards, or prepaid cards. We call these entities. Get started free. Our HIPAA compliant payment processing are designed to provide you with everything you need to accept payments seamlessly and. Payment solutions for your business. Acknowledgment Card Processing. [We will be publishing reviews of three remote payment processors that can be used in a HIPAA-compliant manner in the next installment of Let’s Get Technical . Rectangle Health offers a multi-year contract with a conditional early termination fee. PCI DSS is mandated by the Card Schemes and administered by the Payment Card Industry Security Standards Council. PCI compliance is the term used to ensure that you are meeting security standards when accepting payments. PayPal. Looking required HIPAA-compliant loan card processing? Here’s what your need to know about healthcare making & HIPAA, plus the 7 best select. (Fattmerchant) Stax: Best for High-Volume Sellers. September 09, 2013 - While a healthcare organization keeping a patient’s credit card information on file may ease paperwork burdens on both sides and can help a provider ensure a patient pays. Obtain a Business Associate Agreement With Your Processor: If your credit card processor only provides credit card processing, there is an exception in HIPAA that means you don’t need a typical Business Associate Agreement with your credit card processor. PCI DSS is a multifaceted security standard that includes requirements for security management, policies and procedures, network architecture, software design, and other critical. Encrypted Forms. Our credit card gateway allows you to enter credit card data in one of two ways: keying in the information manually or swiping the card with a USB. Easily Export to the Patient's Record. TheraNest is HIPAA compliant. These companies include (among others) American Express, Discover, MasterCard, and VISA. Simply. Some solutions, such as Ivy Pay, offer clients the ability to pay using their health savings account (HSA card) or flexible spending account (FSA card). Take the following steps to make data breaches as unlikely as possible: When you process a patient’s. The Attestation of Compliance (AOC) produced by the QSA is available for download. From technical requests to insurance billing questions, practitioners lean on our customer support team to get the most out of. Compliance requirements: HIPAA. Credit card. They are a medical practice technology and support platform. US healthcare organizations and partners. Health. 1. 15. A business associate (BA) is a person or entity that performs certain functions that involve the use or disclosure of patient heath information (PHI) (e. The major credit card companies – Visa, Mastercard, and American Express – established Payment Card Industry Data Security Standards (PCI DSS) guidelines in. Learn how to adopt HIPAA-compliant payment processing for your medical services, including Square, a BAA, and encryption technology. Credit card payments using a traditional POS terminal are typically HIPAA-compliant. Jotform Secure Online Forms. This means businesses of all sizes, from a corner coffee shop to a multinational designer. It was created to better control cardholder data and reduce credit. The first thing you have to check is whether they follow Payment Card Industry Data Security Standards ( PCI DSS ). Research your credit card processor’s PCI compliance. Compare verified user ratings & reviews to find the best match for your business size, need & industry. To ensure full compliance, there are 12 key requirements, 78 base requirements, and 400 test procedures. Do. The PCI Security Standards Council established a 12-item checklist for PCI compliance (more on that below).