Are you PCI compliant? Have you completed the twelve basic requirements that all merchants must adhere to be considered compliant with the PCI DSS?
We have broken down each requirement to help guide you on your way to becoming PCI Compliant.
Understanding PCI & Its Requirements
The PCI Security Standards were put in place in order to securely protect cardholder data. These standards or requirements are strictly enforced for all merchants, no matter their size or the number of transactions they process. Understanding the requirements of PCI can be quite confusing at times, so let’s take a quick look at the “ins and outs” of PCI compliance, and how you can take the first step towards your business being compliant.
Compliance with the Payment Card Industry (PCI) data security standard is a requirement for all merchants that process, store or transmit credit card data, no matter their business type. All major credit card brands have taken the step to endorse and support The PCI standard through their respective data security programs.
To make sure that you and your business are compliant with the PCI Security Standards, we have broken down twelve basic requirements that all merchants must adhere to be considered compliant:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
In addition to compliance requirements, businesses are also required to maintain proper certification, or validation, of compliance by demonstrating it. Panoptic Security, a partner of myPCI, has invested in an interactive PCI portal that will walk you through each step of the certification process.
From selecting and completing a self-assessment questionnaire and conducting vulnerability scanning, we can help you through the entire process and make accepting credit cards that much easier.