All businesses that accept electronic payments must comply with the Payment Card Industry Data Security Standard (PCI-DSS). It doesn’t matter how small or how large you are. If you accept credit card payments, the requirements apply to you.

Because of the complexity of PCI-DSS requirements and the level of technical detail, many merchants are choosing to partner with a company that specializes in data security. Compliance Services offers a high-level understanding of the myriad of specific issues that confront today’s electronically enabled merchant.

The full PCI-DSS is available at the PCI SSC’s website at:
www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Summary PCI DSS Objectives and Requirements

Build and Maintain a Secure Network

• Requirement 1: Install and maintain a firewall configuration to protect data
• Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

• Requirement 3: Protect stored data
• Requirement 4: Encrypt transmission of cardholders’ sensitive information across public networks

Maintain a Vulnerability Management Program

• Requirement 5: Use and regularly update anti-virus software
• Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

• Requirement 7: Restrict access to data by business need-to-know
• Requirement 8: Assign a unique ID to each person with computer access
• Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

• Requirement 10: Track and monitor all access to network resources and cardholder data
• Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

• Requirement 12: Maintain a policy that addresses information security

Let’s examine just the first three requirements and what they mean to you.
Requirement 1
Requirement 2
Requirement 3