Menu
PCI Compliance refers to the process of adhering to the Payment Card Industry Data Security Standard (PCI DSS), which is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. By being PCI compliant, businesses can effectively minimize the risk of data breaches and protect sensitive cardholder information.
The PCI DSS is maintained by the Payment Card Industry Security Standards Council (PCI SSC), an independent body established by the major credit card brands, including Visa, Mastercard, American Express, Discover, and JCB.
Build and maintain a secure network and systems:
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect cardholder data:
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.
Maintain a vulnerability management program:
Requirement 5: Protect all systems against malware and regularly update antivirus software or programs.
Requirement 6: Develop and maintain secure systems and applications.
Implement strong access control measures:
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Identify and authenticate access to system components
