What is PCI Compliance?

PCI Compliance is a set of regulations that businesses must adhere to in order to protect customer payment information. The PCI Security Standards Council sets the regulations, which include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

Who Needs to be PCI Compliant?

Any business that processes, transmits or stores credit card data is required to be PCI compliant. This includes companies that accept online payments, process transactions over the phone or in person, store customer payment information for tax purposes or any other reason and/or allow employees access to the information.

Why is PCI Compliance Important?

The majority of businesses are required to be PCI compliant because they either store or process credit card data. By adhering to the PCI Security Standards, businesses can help protect their customers from identity theft and other credit card fraud. In addition, being PCI compliant can help businesses avoid costly fines and penalties from card companies if payment information is compromised.

What are the PCI Compliance Requirements?

PCI compliance requirements vary depending on the size and needs of each business. There are 12 Requirements in total, which consist of:

1. Build and Maintain a Secure Network

2. Protect Cardholder Data - Encryption & Tokenization

3. Maintain a Vulnerability Management Program

4. Implement Strong Access Control Measures

5. Regularly Monitor and Test Networks

6. Maintain an Information Security Policy

7. Require Secure Access Authentication

8. Track and Monitor Access to Network Resources & Cardholder Data

9. Regularly Scan for and Patch Vulnerabilities

10. Develop and Maintain Secure Systems and Applications

11. Restrict Access to Cardholder Data by Business Need-to-Know

12. Regularly Test Security Controls

How Can I Become PCI Compliant?

Businesses can become PCI compliant by working with a Qualified Security Assessor (QSA). A QSA can help businesses develop and implement a security strategy that meets the PCI Security Standards. In addition, a QSA can conduct on-site security assessments and provide actionable reports to businesses helping them identify their security strengths and weaknesses.

How Can I Improve My PCI Compliance?

PCI compliance is becoming more important as more companies transition to electronic payments such as credit cards and ecommerce sites. To improve your PCI compliance, you should work with a QSA to ensure that you are following the necessary security practices. Each year, businesses must show compliance through an annual self-assessment Questionnaire (SAQ). The SAQ is only available online through the official PCI Security Standards website.