PCI Compliance Definition & Meaning

PCI compliance is adherence to the Payment Card Industry Data Security Standard (PCI DSS), the set of security requirements that applies to every business that stores, processes, or transmits payment card data. The PCI Security Standards Council (PCI SSC), founded by the major card brands, maintains the standard; compliance is enforced contractually by the card brands and by the acquiring banks that process a merchant's transactions, not by the Council itself. The Council publishes training and certification programs, as well as the Self-Assessment Questionnaires (SAQs) that smaller merchants use to evaluate and attest their own compliance.

The Council also qualifies and lists Qualified Security Assessors (QSAs), third-party security firms that perform on-site PCI DSS assessments for larger merchants and service providers. QSA companies and their individual assessors must be re-qualified regularly, so the assessors are held to a standard themselves.

The Council also maintains the PIN Transaction Security (PTS) standards for the hardware on which cardholders enter PINs and present cards, such as payment terminals. Its website lists approved PTS devices together with each device's security policy. Every approval carries an expiry date, and a business should only deploy devices whose approval is still current.

Twelve requirements for PCI compliance

PCI DSS lays out twelve requirements that every card-accepting business must meet:

  • Install and maintain firewalls (network security controls) between untrusted networks and the systems that hold card data
  • Do not rely on vendor-supplied defaults: change default passwords and apply secure configurations to every system component
  • Protect stored cardholder data: render the primary account number (PAN) unreadable wherever it is stored (truncation, keyed hashing, tokenization, or strong encryption) and protect the encryption keys themselves
  • Encrypt cardholder data in transit with strong cryptography whenever it crosses open, public networks
  • Protect all systems against malware with anti-malware software that is kept up to date
  • Develop and maintain secure systems and software, including timely patching and secure coding for in-house applications
  • Restrict access to card information to the employees whose job actually requires it (need to know)
  • Identify users and authenticate access: every employee gets their own user ID and credentials, with no shared accounts
  • Restrict physical access to the hardware and media on which card data is kept
  • Log and monitor all access to network resources and cardholder data, so that every time an employee accesses card information there is a record
  • Test security systems and processes regularly, including vulnerability scans and penetration tests
  • Maintain an information security policy for all personnel, extend it to third parties who handle card data, and document where card data is stored, transmitted, and accessed. One other important note about these documents and logs: other legal standards, such as the GDPR and CCPA, will likely also require that organizations document all sensitive data use and transmission, so it is doubly important to keep detailed records.
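The requirements on stored data and on logging come down to one concrete engineering check: a full card number must not sit readable in storage or in application logs, and where a PAN has to be kept it must be rendered unreadable (truncated, keyed-hashed, tokenized, or encrypted under managed keys). The following is an added example, not code from the original page or from the PCI SSC: it scans constructed log lines for candidate card numbers, uses the Luhn check to separate real PANs from look-alike identifiers, masks each PAN to the first six and last four digits, and derives an HMAC-SHA256 index token that can stand in for the cleartext. The log lines, the test PANs and `DEMO_KEY` are constructed for illustration only.

```python
import hashlib
import hmac
import re

# Constructed sample log lines. The 16-digit numbers are the publicly known
# Visa/Mastercard test PANs plus one Luhn-invalid trace id, not real accounts.
SAMPLE_LOG = """\
2024-03-01T10:15:02Z INFO  checkout ok order=1001 pan=4111111111111111 amount=19.99
2024-03-01T10:15:09Z INFO  checkout ok order=1002 pan=5555-5555-5555-4444 amount=5.00
2024-03-01T10:15:11Z DEBUG trace id=1234567890123456 upstream timeout
2024-03-01T10:16:30Z INFO  checkout ok order=1003 pan=4000 0566 5566 5556 amount=42.00
"""

# Placeholder key for this example only. In production the HMAC key is a
# cryptographic key under Requirement 3 key management: generated securely,
# stored separately from the data it protects, and rotated.
DEMO_KEY = b"example-key-do-not-use-in-production"

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# and not adjacent to other digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check that every real PAN satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Truncate for display: at most the first six and last four digits remain."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def pan_token(digits: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) usable as a lookup index instead of the PAN.
    An unkeyed hash would be brute-forceable because the PAN space is small."""
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


def scrub_line(line: str, key: bytes):
    """Replace every Luhn-valid PAN in a log line with its masked form.
    Returns the scrubbed line and the tokens of the PANs that were found."""
    tokens = []

    def replace(match: re.Match) -> str:
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)       # a look-alike id, leave it alone
        tokens.append(pan_token(digits, key))
        return mask_pan(digits)

    return PAN_CANDIDATE.sub(replace, line), tokens


def find_pans(text: str) -> list:
    """List the Luhn-valid PANs (digits only) present in a block of text."""
    found = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


if __name__ == "__main__":
    for raw in SAMPLE_LOG.splitlines():
        clean, tokens = scrub_line(raw, DEMO_KEY)
        print(clean, "" if not tokens else f"  # {len(tokens)} PAN tokenised")
```

The Luhn check is a filter, not proof: roughly one in ten random digit strings passes it, so a scrubber like this should be tuned with known BIN ranges and field names in a real deployment, and the right fix for PANs in logs is to stop writing them in the first place. The HMAC token lets a fraud or reconciliation system match repeat cards without ever storing the number, which is the point of a keyed hash in Requirement 3.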

Possible consequences of PCI non-compliance

Failure to meet these requirements raises the risk of a data breach, and with it the loss of reputation and customer trust. A non-compliant merchant also faces fines levied by the card brands through its acquiring bank and, in serious cases, the loss of the ability to accept cards at all. Encrypting card data and restricting access to it, on the other hand, reduces the chance that a breach exposes usable card numbers. Strictly following PCI DSS does not make a company immune to attacks and breaches, but a demonstrated compliance posture generally reduces the fines and legal exposure that follow one.

Payment card data remains one of the most sought-after targets for criminals. Complying with PCI DSS is the baseline expected of any business that wants to keep its card-acceptance agreements in good standing and keep a satisfied customer base.

Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.
