Attention All Businesses Processing, Storing Or Handling Credit Cards: What You Need To Know About PCI Compliance

PCI Compliance is shorthand for Payment Card Industry Data Security Standard (PCI DSS), and it is a set of legal requirements for any business that processes, stores or accepts credit card payments, even if they use a third-party processor. PCI was designed with one goal in mind: to prevent credit card fraud and identity theft. To that end, there are 12 compliance requirements, and all must be implemented for a merchant to be certified as compliant.

Who’s Behind It?

The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).

What Are The Requirements To Comply?

Most of the 12 requirements are just common sense. For example, you never want to store your customers’ credit card numbers on unsecured media, like tape backups, and you want to use good, strong passwords for important web portals and system access.

Other parts of the compliance regulations are IT security measures you should have in place anyway, such as up-to-date firewalls, security patch management, encrypting cardholder data transmission, developing an in-house security policy and restricting access to your processing network. If IT security is not your core focus, then you probably want to bring in a team of pros (us!) to determine if you truly are meeting the compliance standards and to manage your network to ensure security stays updated.

How Do You Know If You’re Compliant?

A full list of the requirements, along with a self-assessment, can be found on this website: www.pcisecuritystandards.org. But if you want to be certain, give us a call for a FREE Security Audit so we can look at your computer network and systems to see where your weaknesses lie. Even if the PCI security requirements weren’t mandated by law, these are the kind of guidelines you would want to adopt anyway to ensure the security of your processing system and your customers’ data.
