PCI Compliance

Payment Card Industry Data Security Standards (PCIDSS)

PCI Compliance defines the standard for securing Visa and MasterCard cardholder data, wherever it is located. Compliance is required of all entities storing, processing, or transmitting cardholder data. Acquiring Banks must comply with PCI and are responsible for ensuring the compliance of their merchants for all payment channels, including retail (brick-and-mortar), mail/telephone-order, and ecommerce.

The PCI Requirements

A defined list of 12 basic security requirements with which all Merchants must comply and detailed sub-requirements, which tie back to the basic requirements:

1. Install and maintain a working firewall to protect data
2. Keep security patches up-to-date
3. Protect stored data
4. Encrypt data sent across public networks
5. Use and regularly update anti-virus software
6. Restrict access by "need to know"
7. Assign unique ID to each person with computer access
8. Don't use vendor-supplied defaults for passwords and security parameters
9. Track all access to data by unique ID
10. Regularly test security systems and processes
11. Implement and maintain an information security policy
12. Restrict physical access to data

PCI Compliance Resources:

• Data Security - Made Easier
• PCI Questionaires
• PCIDSS Handbook
• PCI Compliance Books
• PCI Compliance Scans
• Business Exchange
• PCI Data Security Standards
• MasterCard
• VISA
• Website Security News
• Website Security Articles
• PCI Security References
• Free Downloads