PCI compliance means meeting a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. The PCI Security Standards Council was created in 2006 as a joint effort of Visa, MasterCard, American Express and Discover to develop and manage the PCI security standards.
The PCI Security Standards require companies to deploy and maintain a number of security measures, including firewalls, intrusion detection/prevention systems, anti-virus software and secure access control methods. To verify compliance, companies are regularly audited by an accredited assessor.
Noncompliance with the PCI Security Standards can result in significant financial penalties. For example, in 2010, Heartland Payment Systems was fined $10 million for a data breach that exposed credit card information of over 130 million people.
PCI Compliance is important because it helps protect consumers from identity theft and fraud. By complying with the PCI Security Standards, companies can ensure that their customers’ credit card information is secure.
If you’re a business owner, it’s important to understand the PCI Security Standards and ensure that your business is compliant. If you’re not sure whether your business is compliant, you can contact an accredited assessor for help.
What are the 12 requirements of PCI compliance?
The 12 requirements of PCI compliance are:
1) Install and maintain a firewall configuration to protect cardholder data
2) Do not use vendor-supplied defaults for system passwords and other security parameters
3) Protect stored cardholder data
4) Encrypt transmission of cardholder data across open, public networks
5) Use and regularly update anti-virus software
6) Develop and maintain secure systems and applications
7) Restrict access to cardholder data by business need-to-know
8) Assign a unique ID to each person with significant responsibility for PCI compliance
9) Track and monitor all access to cardholder data
10) Regularly test security systems and processes
11) Maintain a policy that addresses information security
12) Train employees in information security policies and procedures