Blog

Launching a digital business involves many decisions, but one of, if not the most critical decision that merchants must make is the process by which they become compliant with the Payment Card Industry Data Security Standards (PCI DSS), PCI DSS are in place to minimize credit card fraud via exposure.

The PCI standards outline how digital merchants need to protect personal information and secure payment transactions, no matter how small or large the merchant is. It covers six key areas, with multiple requirements in each area.

The Six Categories of PCI Standards

Build and Maintain a Secure Network

• Install and maintain a firewall configuration to protect cardholder data
• Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

• Protect stored cardholder data
• Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

• Use and regularly update anti-virus software on all systems commonly affected by malware
• Develop and maintain secure systems and applications

Implement Strong Access Control Measures

• Restrict access to cardholder data by business need-to-know
• Assign a unique ID to each person with computer access
• Restrict physical access to cardholder data

Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data

• Regularly test security systems and processes

Maintain an Information Security Policy

• Maintain a policy that addresses information security

Equally important as the actual security policies in place is instilling a corporate culture that augments and supports the PCI DSS standard to minimize incidents like the Sony PlayStation Network security breach.

The Latest PCI Data Security Rules

Despite all the literature, PCI remains an opaque issue, yet fundamental to every company that takes some form of credit and debit card payment for their service. New guidance and clarifications in PCI compliance – known as PCI DSS 2.0 – is now upon us, and while the changes aren’t huge from the previous version, understanding them and their impact to your online business is critical.

PCI Compliance Enforcement

There are numerous costs – with financial and business implications – associated with non-compliance, ranging from fees from your acquiring bank to the actual liability of putting cardholder data at risk. There are various levels of PCI DSS compliance and Vindicia, as a Level 1 Service Provider, goes through the highest audit bar every year, as we’ve done for the past six. Learn more about how PCI compliance is enforced.