ATTENTION ALL BUSINESSES PROCESSING, STORING OR HANDLING CREDIT CARDS: What You Need To Know About PCI
PCI Compliance is shorthand for Payment Card Industry Data Security Standard (PCI DSS), and it is a set of legal requirements for any business that processes, stores or accepts credit card payments, even if they use a third-party processor. PCI was designed with one goal in mind: to prevent credit card fraud and identity theft. To that end, there are 12 compliance requirements and all must be implemented for a merchant to be certified as compliant.
Who's Behind It?
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).
What Are The Requirements To Comply?
Most of the 12 requirements are just common sense. For example, you never want to store your customers' credit card numbers in an unsecured media, like tape backups, and you want to use good, strong passwords for important web portals and system access.
Other parts of the compliance regulations are IT security measures you should have in place anyway, such as up-to-date firewalls, security patch management, encrypting cardholder data transmission, developing an in-house security policy and restricting access to your processing network. If IT security is not your core focus, then you probably want to bring in a team of pros (us!) to determine if you truly are meeting the compliance standards and to manage your network to ensure security stays updated.
How Do You Know If You're Compliant?
A full list of the requirements, along with a self-assessment, can be found on this web site: www.pcisecuritystandards.org. Even if the PCI security requirements weren't mandated by law, these are the kind of guidelines you would want to adopt anyway to ensure the security of your processing system and your customers' data
|