PCI stands for Payment Card Industry, and PCI compliance is a set of security standards, endorsed and developed by major credit card providers, put in place to help facilitate the broad adoption of consistent data security measures on a global basis.
There are 12 base requirements for PCI compliance, broken into six catagories:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
PCI Compliance may sound complicated at first, but in reality it is merely an industry security standard for any server that accepts, processes, or stores credit card information. The main purpose with getting your server PCI Compliant is to ensure your server and the information your customers give you, such as credit card information, is kept secure and safe by establishing common processes and precautions for handling, processing, storing and transmitting credit card data.
If your company processes or stores customer credit card information, it needs to comply with the standards set by the Payment Card Industry.
Not only does this ensure the security of your data, but you can proudly display a symbol on your site announcing the fact that you are PCI Compliant to bring a sense of security to your customers.
While non-compliance penalties also vary among major credit card networks, they can be substantial. Participating companies can be barred from processing credit card transactions, higher processing fees can be applied; and in the event of a serious security breach, fines of up to $500,000 can be levied for each instance of non-compliance.
Since compliance validation requirements and enforcement measures are subject to change, merchants and service providers should closely monitor the requirements of all card networks in which they participate.