PCI Compliance

PCI compliance is adherence to the Payment Card Industry Data Security Standard (PCI DSS), which applies to every business that stores, processes, or transmits payment card data. The standard is maintained by the PCI Security Standards Council (PCI SSC); compliance itself is enforced contractually by the card brands and by the acquiring banks that process a merchant's transactions. The PCI SSC publishes training and courses for businesses, as well as Self-Assessment Questionnaires (SAQs) that smaller merchants use to evaluate and attest to their own compliance.

The PCI SSC also maintains a list of Qualified Security Assessors (QSAs), usually third-party security firms, which audit businesses for PCI DSS compliance. QSAs must be qualified by the council and requalify regularly, so the assessors are held to a defined standard themselves.

PCI also sets standards for PIN Transaction Security (PTS) devices, the hardware on which card-present transactions and PIN entry take place. The PCI Security Standards website lists approved PTS devices along with their security policies. Each approval carries an expiry date, and a business should only deploy devices whose approval has not expired.

Twelve requirements for PCI compliance

The Security Standards Council has laid out twelve requirements that every card-accepting business must follow:

  • Installing and maintaining firewalls (network security controls) to protect the cardholder data environment
  • Changing vendor-supplied defaults and applying secure configurations, rather than relying on default passwords and settings
  • Protecting stored cardholder data, including rendering card numbers unreadable (for example by encryption) and protecting the encryption keys themselves
  • Encrypting cardholder data in motion whenever it crosses open, public networks
  • Protecting all systems against malware with up-to-date antivirus or anti-malware solutions
  • Developing and maintaining secure systems and software, including patching and secure application development
  • Restricting access to cardholder data to employees with a business need to know
  • Assigning every user a unique ID and authenticating access to system components
  • Restricting physical access to hardware and media in which cardholder data is kept
  • Logging and monitoring all access to network resources and cardholder data, so that every access to card information is recorded
  • Testing security systems and processes regularly
  • Maintaining a written information security policy that applies to employees and third parties, and documenting how card data is stored, transmitted, and accessed. One other important note about these documents and logs: other legal frameworks, such as the GDPR and CCPA, also require organizations to document the use and transmission of sensitive personal data, so keeping detailed records serves more than one obligation.

Possible consequences of PCI non-compliance

Failure to comply with these requirements increases the risk of a data breach, along with the loss of reputation and customer trust that follows one. Non-compliant merchants can also face fines passed down by the card brands through their acquiring bank, and in serious cases the loss of the ability to process card payments at all. Encrypting card data and restricting access to it, on the other hand, reduces both the likelihood and the impact of a breach. Strictly following PCI DSS does not make a company immune to attacks, but it does mean that fines and any legal action following an incident will likely be lessened.

Cybercrimes, including credit card data theft, are becoming easier for criminals to commit. PCI DSS is a contractual standard rather than a law, but complying with it is the accepted baseline for any business that wants to keep accepting card payments and retain a satisfied customer base.

Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.
