PCI compliance can be confusing, but it is critical that merchants understand and follow the requirements
Data breaches, including credit card breaches, are alarming both because of the theft of confidential financial information, and because they seem to occur far too frequently.
Every business owner or merchant that accepts or processes credit cards is required to comply with, and maintain compliance with, the Payment Card Industry (PCI) standards, no matter whether their business is large or small.
PCI compliance can be confusing, but it is critical that merchants understand and follow the requirements. This blog post provides a high-level overview of the four main areas of the PCI security standards:
- PCI data security provisions apply to any merchant that accepts or processes credit cards, and includes requirements to build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.
- PCI PIN transaction requirements focus on devices used to obtain cardholder PINs, and the PCI council has identified a list of approved PIN devices.
- Payment application data security standard requirements apply payment applications that are used to store, process or transmit cardholder information.
- Point-to-point encryption requirements are designed to securely encrypt cardholder data so that it would be unreadable if accessed by an unauthorized third party.
Complying with the requirements may seem overwhelming, but it boils down to business owners simply taking reasonable steps to protect customers’ information.
While this post addresses key components of PCI compliance, there are other components and requirements. Contact us to learn how we can help you maintain data security and remain compliant.