PCI is an acronym for Payment Card Industry. It dictates the security requirements of credit card processing, data storage and transmission. The PCI compliance standard (and its prequels) was created by the major players in the industry to prevent credit card theft through electronic means. Major credit card companies like Visa, Mastercard and American Express also require its members to be PCI Compliant.
PCI compliance has evolved over time with the addition of new security standards, procedures and technologies. Although it is updated frequently, many businesses are not aware that they have to comply or what steps need to be taken in order to remain compliant.
If you conduct business online or accept credit cards for your business, you will need to take the necessary steps and requirements in order to meet and remain PCI Compliant. Failure to do so can result in fines and penalties for non-compliance, the suspension of credit card processing privileges and even legal action by major credit card processors.
PCI compliance standards were updated again in early 2011 with the release of PCI DSS version 3.0. The new standard includes improved validation requirements for service providers, network segmentation and the use of Application Programming Interfaces (APIs) between merchants and service providers.
PCI compliance also puts restrictions on how credit card data is stored in the event that a security breach has been discovered or when a break-in is thought to have occurred. The following are the 6 PCI compliance standards that must be followed in order to remain compliant…
1.) Install and maintain a firewall configuration to protect cardholder data – Firewalls help keep out hackers which prevents theft of information.
2.) Do not use vendor-supplied defaults for system passwords and other security parameters – Management must use strong passwords.
3.) Protect stored cardholder data – This means that management must make sure anyone with access to or knowledge of your systems cannot see your sensitive customer information (card numbers, names, expiration dates). Most companies use an encryption system which scrambles the information making it unreadable even if someone were able to get the information through hacking.
4.) Encrypt transmission of cardholder data across open, public networks – Management must protect card data while in transit using encryption methods. This keeps the information from being intercepted by unauthorized parties when transmitted over the internet or other public networks.
5.) Use and regularly update anti-virus software – Malware can destroy data, disable computers and allow hackers to take over company systems. Management must have the proper software installed with scheduled updates to ensure that it is catching all types of malware which could harm your computer or network.
6.) Develop and maintain secure systems and applications – All management should be made aware of how their part of the system works so that they know how to troubleshoot and maintain security.