What is PCI Compliance?
“PCI compliance” refers to compliance with one or more of the Payment Card Industry’s (PCI) Security Standards which have been put in place to protect cardholder data against potential compromise. The PCI Security Standards Council (Council) currently maintains three standards:The PCI Data Security Standard (PCI DSS) is the standard to which merchants and service providers must adhere for the complete protection of cardholder payment data. If a business accepts or processes payment cards, it must comply with the PCI DSS. The Payment Application-Data Security Standard (PA-DSS) and PIN Entry Device (PED) security requirements support the overall implementation of PCI DSS by allowing merchants to choose from PCI l certified payment applications and PIN entry devices to further cardholder data security.
PCI stands for Payment Card Industry, and PCI compliance is a set of security standards, endorsed and developed by major credit card providers, put in place to help facilitate the broad adoption of consistent data security measures on a global basis. There are 12 base requirements for PCI compliance, broken into six catagories: Build and Maintain a Secure Network Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Requirement 3: Protect stored cardholder data Requirement 4: Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Requirement 5: Use and regularly update anti-virus software Requirement 6: Develop and maintain secure systems and applications Implement Strong Access Control Measures Requirement 7: Restrict access to cardholder data by business need-to-know Re
What is PCI DSS Compliance? PCI DSS. What does this mean? Does PCI DSS affect me? Well, if you sell a product or service and accept credit cards as a payment option then the answer is yes. Compliance is mandatory and failure to achieve compliance can result in fines, forensic investigation fees, inability to process credit cards and ultimately loss of trust from your customers and a damaged reputation! Ouch! Okay, enough of the scary stuff, let’s start with a little background and define the applicable terms before we get into what all of this really means to you; the business owner, compliance officer, security manger or the like. PCI DSS, or the Payment Card Industry Data Security Standard is the payment card industry’s (or credit card companies) generally accepted set of standards to protect cardholder information. Cardholder information is the data used to process credit card payments via the Internet, point of sale (POS) terminals or card-in-hand via the telephone or a swipe of th
