PCI Compliance

PCI compliance is the strict adherence to the guidelines of the Payment Card Industry Data Security Standard (PCI DSS), required for all businesses that accept credit card payments. The Payment Card Industry Security Standards Council is the body that holds businesses responsible for this compliance. The PCI council offers different training sessions and courses for businesses, as well as simple quizzes they can take to test their level of compliance.

PCI also provides access to assessors (often third-party security organizations), which review businesses for PCI compliance. The PCI Security Standards Council also makes sure that Qualified Security Assessors are regularly certified and approved so that they’re held to a high compliance standard themselves.

PCI also provides standards for PTS (PIN Transaction Security) devices, the hardware on which card transactions occur. The PCI Security Standards website lists PCI-approved PTS devices along with their security policies. A business must not use a device whose approval has expired.

Twelve requirements for PCI compliance

The Security Standards Council has laid out twelve requirements that each card-accepting business must follow:

  • Implementing firewalls on the company network
  • Practicing best habits for good passwords, not just the bare minimum or default passwords
  • Encrypting both credit card information and encryption keys
  • Encrypting data in motion (while it’s crossing public networks)
  • Utilizing up-to-date antivirus solutions
  • Securing the entire network, including software/applications
  • Only allowing employees to access card information if absolutely necessary
  • Giving every employee their own computer/system access code, username, and/or password
  • Restricting access to hardware or other equipment in which card data is kept
  • Monitoring system access, including keeping records of every time an employee accesses card information
  • Testing security protocols frequently
  • Providing a security policy not only to employees but also to third parties and documenting card data storage, transmission, and access. One other important note about these documents and logs: other legal standards, such as the GDPR and CCPA, will likely also require that organizations document all sensitive data use and transmission, so it’s doubly important to keep detailed records.

Possible consequences of PCI non-compliance

Failure to comply with these stringent requirements increases the risk of a data breach. It also increases the chance of losing reputation and customer trust. Encrypting data and restricting access to it, on the other hand, reduces a business's exposure. Although strictly following PCI standards doesn’t mean a company is immune to attacks and breaches, it does mean any fines and legal action that follow a breach will likely be lessened.

Cybercrimes, including credit card data theft, are becoming much easier for criminals to commit. Complying with PCI standards is the best practice for a business wishing to operate legally and keep a satisfied customer base.

Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
