What is PCI Compliance?

The PCI Data Security Standard (PCI DSS) is a set of rules meant to ensure that all companies safely accept, process, store, or transmit credit card information.

PCI DSS is managed by the PCI Security Standards Council. The council is an independent body founded by American Express, Visa, Discover Financial Services, JCB International, and MasterCard Worldwide, the five largest credit card companies.  The PCI Security Standards Council launched in 2006 to improve the security of the transaction process and payment technology life cycle as a whole.

The PCI Council and its founders believe that sellers and organizations that accept credit cards are responsible for the security of their transactions. This is why it’s crucial that highly secure technologies and measures are in place to prevent theft of cardholder data.

Why is PCI Compliance Important?

Credit card fraud is a serious threat all around the world. The Nilson Report, which covers global payment systems, reported that global fraud losses totaled nearly $22 billion in 2015. That’s a 20.6% increase from 2014 totals and does not even include losses incurred by companies or card issuers. It is estimated that approximately 1 in 3 consumers across the world has been a victim of card fraud in the past five years. Many countries reported an increase in card fraud over the previous three consecutive years.

PCI compliance is so important because it places requirements on businesses that accept, process, store, or transmit credit card information. That’s why there are 12 PCI compliance requirements designed to meet specific security goals. These requirements protect cardholders from becoming victims of fraud.

The 12 PCI Compliance Requirements

The requirements laid out by the PCI Security Standards Council for complete PCI compliance represent common sense steps that reflect security best practices. These requirements meet specific goals that ensure the security of credit card transactions.

Goal: Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Goal: Protect Cardholder Data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks

Goal: Maintain a Vulnerability Management Program

  1. Use and regularly update anti-virus software or programs
  2. Develop and maintain secure systems and applications

Goal: Implement Strong Access Control Measures

  1. Restrict access to cardholder data by business need to know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Goal: Regularly Monitor and Test Networks

  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Goal: Maintain an Information Security Policy

  1. Maintain a policy that addresses information security for all personnel

 

Becoming PCI compliant and maintaining compliance can quickly become a complex process. It requires network security assessments, as well as software and hardware geared specifically towards PCI compliance standards. Businesses will also have to sign annual agreements with each credit card company guaranteeing their compliance.

If you don’t already have the internal expertise to handle such a process, it may not be a bad idea to speak with a third party with experience and knowledge in PCI compliance. In the Chicagoland area, 3Points is that third party. Our team of technicians and experienced compliance experts can set your business up with the processes and technology it needs to operate in the modern marketplace. Just reach out today to get the ball rolling.