What is PCI Compliance?

Jordan Hall

By Jordan Hall
11th September 2009
Posted in Ecommerce Website Design

PCI refers to the Payment Card Industry.

PCI compliance, in this context, refers to complying with the PCI Data Security Standard.

Essentially, the PCI Data Security Standard is a worldwide security standard for information which was assembled by the PCI Security Standards Council. This standard requires a minimum level of security on servers and is designed to assist companies and organisation that deal with debit and/or credit card payments, in an attempt to reduce fraud.

PCI compliance applies to all entities which deal with information of card holders, either via the processing, holding or passing on of cardholder information. The PCI Data Security Standard (or DSS) requires the following of the network(s) and/or server(s) on which the cardholder information is sent through or stored.

  • A firewall configuration must be installed and maintained to protect cardholder details.
  • Default vendor access codes and passwords must not be used.
  • Card holder data must be protected and encrypted when sent over open, public networks.
  • Anti-virus software should be used and kept up to date on systems that are commonly vulnerable to malware.
  • Developed systems and software should beĀ  secure and ensure said security is maintained.
  • Access to cardholder data should be restricted.
  • All access to network resources and cardholder data should be tracked and monitored.
  • Security systems and processes should be regularly tested.
  • A policy that addresses information security should be maintained.

PCI compliance also reference wireless networks and their use, monitoring and security incident responses. Due to the inherent issues of transferring data wirelessly, PCI compliance requires at least quarterly security checks of any wireless networks in use and sets a minimum security standard for said wireless networks.

If you require any advice regarding e-commerce or wish to find out more information about PCI compliance specifically, be sure visit the recommended links below or feel free to contact us.