What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standard details security requirements for members, merchants and service providers that store, process or transmit cardholder data.
Who does this apply to and who must comply?
ALL merchants that process, store or transmit payment cardholder data must be PCI DSS compliant.
I need to become compliant! Now what?
We make the entire process as easy as possible. There are four basic steps to achieve compliance; we outline the details of each step in The Process section of this site.
Minnesota becomes first state to make core PCI requirements a law! Under Minnesota state law, any company that suffers a data breach and is found to have been storing prohibited card data on its systems will be required to reimburse banks for all costs incurred (including fines) and will also be subject to private action brought by affected individuals. According to reports, Massachusetts and Texas are soon to follow by enacting similar law.
PayPal and PCI
Website Payments Pro, Payflow Pro and Virtual Terminal users:
(PayPal's statement regarding PCI compliance)
This is a must read!
The PCI Standard
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
3. Protect stored data.
4. Encrypt transmission of cardholder data and sensitive information across public networks.
Maintain Vulnerability Management Program
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
Maintain an Information Security Policy
12. Maintain a policy that addresses information security.