Achieving PCI Compliance
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that every company that accepts, processes, stores or transmits credit card information maintains a secure environment. In general, PCI compliance is required by the credit card companies to make online transactions secure and to protect cardholders against identity theft. Any merchant that wants to process, transmit or store credit card data is required to be PCI compliant, according to the PCI Compliance Security Standard Council, www.pcisecuritystandards.org/.
Six categories of PCI compliance
The PCI Compliance Security Standard Council, which oversees the security standards for merchants, groups its requirements into six categories. Note that the descriptions below are high-level summaries; contact your payment processor or visit the PCI standards website for the specific requirements.
1. Secure card processing network
- Install and maintain firewalls to protect sensitive data, such as credit card numbers
- Change vendor-supplied default passwords on any new hardware, software or system immediately, before it goes into use
2. Protect all cardholder information
- Put proper security and access controls around any stored cardholder data
- Use encryption when transmitting data across public or open networks
3. Protect your systems against malware
- Regularly update antivirus and other security software
- Maintain secure systems and applications
4. Put access control measures in place
- Ensure only authorized personnel have access to cardholder data
5. Monitor and test your networks
- Monitor and log who accesses cardholder data, and when
- Test security systems and procedures for flaws or vulnerabilities
6. Create and maintain an information security policy
- Publish an information security policy that clearly sets out how your organization meets PCI DSS and what it expects of employees and contractors