PCI Compliance – Peace of Mind for your Business

All merchants who accept payment cards are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which is designed to protect cardholder data against the risk of a security breach.

The PCI Security Standards Council is responsible for the development, management, education, and awareness of the PCI DSS. The Council maintains that: “Compliance with data security standards can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences.”

Security Requirements

The size of your business will determine the specific compliance requirements that must be met; there are, however, some general rules you must follow to become compliant:

1.    Build and maintain a secure network

  • Install and maintain a firewall
  • Use unique, high-security passwords

2.    Protect cardholder data

  • Protect stored cardholder data
  • Encrypt data passed across public networks, including your shopping cart and web-hosting providers

3.    Maintain a vulnerability management program

  • Use anti-virus software and keep it up-to-date
  • Develop and maintain secure operating systems and payment applications

4.    Implement strong access control measures

  • Access – both electronic and physical – to cardholder data should be on a need-to-know basis
  • Assign a unique ID and password to each user; do not share login information

5.    Regularly monitor and test networks

  • Track and monitor all access to networks and cardholder data
  • Regularly test security systems and processes such as firewalls, patches, and anti-virus software

6.    Maintain an information security policy

  • It’s critical that your organization maintains a policy that addresses information security and is updated regularly

Further Information

PCI Security Standards Council
Visa Europe: Payment security
Visa Canada: Account Information Security
MasterCard Academy of Risk Management: PCI 360 Webinar Series

Learn more by downloading our free PCI compliance whitepaper.