What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. PCI DSS was created by five major card networks (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc.), and the standard is published and maintained by the independent PCI Security Standards Council on behalf of its founders.
Merchants and service providers who transmit, process or store card data must comply with PCI DSS. While compliance is not a law, it is applied and enforced through contractual obligation by payment providers.
How PCI Compliance Works
PCI DSS outlines 12 requirements:
- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored data
- Encrypt transmission of cardholder data and sensitive information across public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Clearly, significant IT support is needed to meet these requirements, and that support may be out of reach of many local businesses. Using a payment gateway allows you to buy in much of this IT support. By shifting responsibility for meeting the technical requirements of PCI DSS to the gateway, you may be able to comply with PCI DSS through self-assessment.
Keeping up with changes in ecommerce protocols and how they might affect your business online can be time consuming and confusing; we hope this quick guide has helped. Why not sign up to Sproutee’s free RSS feed to keep up to date!