What is PCI Compliance?

What is PCI Compliance?

PCI stands for Payment Card Industry, and PCI compliance is a set of security standards, endorsed and developed by major credit card providers, put in place to help facilitate the broad adoption of consistent data security measures on a global basis.

There are 12 base requirements for PCI compliance, broken into six catagories:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

PCI Compliance may sound complicated at first, but in reality it is merely an industry security standard for any server that accepts, processes, or stores credit card information. The main purpose with getting your server PCI Compliant is to ensure your server and the information your customers give you, such as credit card information, is kept secure and safe by establishing common processes and precautions for handling, processing, storing and transmitting credit card data.

If your company processes or stores customer credit card information, it needs to comply with the standards set by the Payment Card Industry.

Not only does this ensure the security of your data, but you can proudly display a symbol on your site announcing the fact that you are PCI Compliant to bring a sense of security to your customers.

While non-compliance penalties also vary among major credit card networks, they can be substantial. Participating companies can be barred from processing credit card transactions, higher processing fees can be applied; and in the event of a serious security breach, fines of up to $500,000 can be levied for each instance of non-compliance.

Since compliance validation requirements and enforcement measures are subject to change, merchants and service providers should closely monitor the requirements of all card networks in which they participate.