Skip to content
    Search
    Request A Free Trial
    Compliance

    What is PCI DSS Compliance?

    PCI compliance, or payment card industry compliance, refers to a set of 12 security standards that organizations must adhere to to keep customer payment card data secure.

    PCI compliance or PCI DSS (payment card industry data security standard) is mandated by credit card companies in an effort to ensure the security of credit card transactions.

    Who needs PCI DSS Compliance?

    Any company that accepts, transmits, or stores private data of cardholders needs to be PCI compliant.

    Is PCI DSS Compliance required by law?

    PCI DSS is not a law. PCI DSS is a security standard. Compliance is mandated by contracts that a merchant signs with major credit card brands such as Mastercard and Visa. Merchants who want to accept a credit card brand are required by the brand to demonstrate PCI DSS compliance.

    What are the 12 requirements of PCI DSS Compliance?

    In order to comply with PCI standards and guidelines, there are 12 steps that must be followed. The following steps are considered to be security best practices.

    1. Implement firewalls to protect customer data
    2. Have appropriate password protection in place, such as 2FA
    3. Protect cardholder data
    4. Encrypt the transmission of cardholder data
    5. Use anti-malware and antivirus software
    6. Update software and maintain security systems
    7. Restrict employee access to cardholder data
    8. Assign unique user login ids to those who have access to cardholder data
    9. Restrict physical access to data storage
    10. Create and monitor access logs
    11. Test security systems on a regular basis
    12. Create a policy that is documented and can be followed

    Want to learn how cybersecurity asset management can help ensure PCI DSS compliance? Check out this report.

    See the Platform

    See the Axonius Platform for yourself with an interactive product tour, where we'll guide you through key applications of our Cybersecurity Asset Management and SaaS Management solutions.

    Get a Free Trial

    Sign-up for a free full-access 30 day trial to learn how Axonius gives IT and security teams a comprehensive understanding of all assets, their relationships, and business-level context including devices, identities, software, SaaS applications, vulnerabilities and security controls, and more.

    Book a Demo

    Request a demo to learn how the Axonius Platform provides a system of record for all digital infrastructure helping IT and security teams manage an always-expanding sprawl of devices, users, software, SaaS applications, cloud services, and the tools used to manage and secure them.