PCI Compliance — The Long and Skinny of it
PCI Compliance, or the Payment Card Industry Data Security Standard (PCI DSS), is a set of standards and best practices to ensure that your business’s credit card payments are secure. PCI Compliance is not yet required by federal law, so you will not face criminal charges for non-compliance. However, if your business is NOT compliant and you DO experience a data breach, you have put your customers at risk and you COULD be held liable.
To avoid fines and to protect yourself and your customers from risk, follow the standards below:
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Implement strong access control measures
- Regularly monitor and test networks
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to the network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel
You don’t have to tackle the PCI Compliance challenge on your own. Avoid the headache and give us a call!