This article provides a brief introduction to Payment Card Industry (PCI) compliance. Additional information about PCI compliance may be found on the PCI Security Standards Council website and from other sources on the internet.
What is PCI compliance?
PCI compliance means meeting the PCI Data Security Standard (PCI DSS), a set of requirements compiled by the PCI Security Standards Council (PCI SSC). The PCI Security Standards Council is made up of businesses associated with credit card providers, debit card providers, credit card/debit processors, and card pre-pay providers. The standards created by the PCI SSC are guidelines for processing, storing or transmitting credit card information, as well as for maintaining a secure environment.
Listed below are 12 requirements needed for maintaining a secure, PCI-compliant operation:
- All access to network resources and cardholder data tracked and monitored
- Firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Cardholder data stored must be protected
- Encrypted transmission of cardholder data across open, public networks
- Regularly updated anti-virus software
- Maintain secure systems and applications
- Restricted access to cardholder data by the business
- Unique ID assigned to each person with computer access
- Restricted physical access to cardholder data
- Security systems and processes regularly tested
- Information security policy maintained
Do I need my site to be PCI compliant?
Many sites do not need to be PCI compliant. If you have not been told that PCI compliance is absolutely necessary, you may not need it. The best approach is usually to evaluate the needs of your site and examine the list of requirements above.
If it is determined that you will need PCI compliance, you should work with your internal teams to come up with a strategy for becoming PCI compliant. Fastcomcorp Hosting Services does not provide support for making your website PCI compliant. While we can assist with some aspects of PCI compliance, meeting the full requirements listed above will be up to you.