PCI Compliance – Understanding How It Works

To help merchants fully understand the need for PCI Compliance, My PCI works to help our clients understand how each part of the sometimes confusing process works.

Compliance with the Payment Card Industry (PCI) data security standard is a requirement for all merchants that process, store or transmit credit card data. These requirements apply to all payment channels, regardless of industry or business type, including traditional retailers, mail order, pay-by-phone, and e-commerce merchants. The PCI standard has been endorsed by all major credit card brands through their respective data security programs.

Ensuring PCI compliance means adhering to a set of twelve basic requirements, which fall within the following categories:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security

In addition to meeting the compliance requirements, businesses are also required to demonstrate their compliance and maintain proper certification, or validation, of it. Sysnet Global Solutions, My PCI's partner, and its interactive PCI portal walk you through each step of the certification process. From selecting and completing a self-assessment questionnaire and conducting vulnerability scanning to preparing security policy documents, we can help through the entire process and make accepting credit cards that much easier.