What is PCI DSS?

The Payment Card Industry (PCI) Data Security Standard details security requirements for members, merchants and service providers that store, process or transmit cardholder data.

More PCI FAQs

Who does this apply to and who must comply?
ALL merchants that process, store or transmit payment cardholder data must be PCI DSS compliant.


I need to become compliant! Now what?
We make the entire process as easy as possible. There are four basic steps to achieving compliance; we outline the details in The Process section of this site.



Minnesota becomes the first state to make core PCI requirements law! Under Minnesota state law, any company that suffers a data breach and is found to have been storing prohibited card data on its systems (sensitive authentication data such as full magnetic-stripe contents, card verification codes and PINs, which PCI DSS also forbids retaining after authorization) will be required to reimburse banks for all costs incurred (including fines) and will also be subject to private action brought by affected individuals. According to reports, Massachusetts and Texas are soon to follow by enacting similar laws.

PayPal and PCI

Website Payments Pro, Payflow Pro and Virtual Terminal users:
(PayPal's statement regarding PCI compliance)
This is a must read!

The PCI Standard

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data and sensitive information across public networks.

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Maintain an Information Security Policy

12. Maintain a policy that addresses information security.
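The following is an added example, not code from this site or from the PCI Security Standards Council, showing what Requirement 3 above ("Protect stored cardholder data") and the "prohibited card data" in the Minnesota statute mentioned earlier mean for a single authorization record. Sensitive authentication data (full track data, the card verification code, the PIN block) is dropped before anything is written to disk; the PAN is truncated to first six and last four for display and kept as a keyed hash (HMAC-SHA256) so repeat cards can be matched without storing the number. The field names, the HMAC key and the sample record are constructed for this example; the PAN used is the well-known Visa test number.

```python
"""Added example, not code from the original page or from any PCI vendor.

Demonstrates Requirement 3 in practice: strip sensitive authentication
data, truncate the PAN for display, keep a keyed hash for lookups, and
check a record for anything that must not be at rest after authorization.
Key, field names and the sample record are constructed for the example.
"""
import hashlib
import hmac
import re

# Fields PCI DSS forbids storing after authorization, even encrypted.
SENSITIVE_AUTH_FIELDS = ("track1", "track2", "cvv2", "pin_block")

# Constructed sample of what a payment application might hold right after
# authorization. The PAN is a well-known Visa test number.
SAMPLE_RECORD = {
    "pan": "4111 1111 1111 1111",
    "expiry": "12/29",
    "cardholder_name": "J DOE",
    "amount": "19.99",
    "cvv2": "123",
    "track2": ";4111111111111111=2912101?",
    "pin_block": "A1B2C3D4E5F60718",
}

# Example-only key. In a real deployment the key lives in an HSM or key
# management system and is rotated (Requirement 3.6), never in source.
HMAC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)

# A 13-19 digit run, optionally separated by spaces or dashes.
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters most random digit runs that are not PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def normalize_pan(pan: str) -> str:
    """Strip separators and reject anything that is not a plausible PAN."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("not a plausible PAN")
    return digits


def truncate_pan(pan: str) -> str:
    """Display form permitted by Requirement 3.3: at most first 6 and last 4."""
    digits = normalize_pan(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def pan_hmac(pan: str, key: bytes = HMAC_KEY) -> bytes:
    """Keyed hash of the PAN for matching repeat cards without storing it.

    An unkeyed hash is not adequate protection: with the BIN known, the
    remaining PAN space is about 10**9 values and is brute-forced quickly.
    """
    return hmac.new(key, normalize_pan(pan).encode(), hashlib.sha256).digest()


def sanitize_for_storage(record: dict, key: bytes = HMAC_KEY) -> dict:
    """Return the subset of `record` that may be written to disk."""
    stored = {k: v for k, v in record.items() if k not in SENSITIVE_AUTH_FIELDS}
    pan = stored.pop("pan")
    stored["pan_masked"] = truncate_pan(pan)
    stored["pan_hmac"] = pan_hmac(pan, key)  # raw digest, e.g. a BINARY(32) column
    return stored


def storage_violations(record: dict) -> list:
    """Names of fields that make a stored record non-compliant.

    Flags both sensitive authentication data and a Luhn-valid PAN in the
    clear, which is what a post-breach forensic review looks for.
    """
    bad = [f for f in SENSITIVE_AUTH_FIELDS if record.get(f)]
    for name, value in record.items():
        if name in SENSITIVE_AUTH_FIELDS or not isinstance(value, str):
            continue
        for m in PAN_PATTERN.finditer(value):
            if luhn_valid(re.sub(r"\D", "", m.group())):
                bad.append(name)
                break
    return sorted(bad)


if __name__ == "__main__":
    print("before:", storage_violations(SAMPLE_RECORD))
    safe = sanitize_for_storage(SAMPLE_RECORD)
    print("after: ", storage_violations(safe), safe["pan_masked"])
```

Run stand-alone, the script reports four violations for the raw record (cvv2, pan, pin_block, track2) and none for the sanitized one, which retains only the masked PAN, the keyed hash and the non-sensitive fields. The same `storage_violations` check, pointed at rows exported from a database or at log output, is the kind of review a forensic investigator performs after a breach to decide whether "prohibited card data" was being stored.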