Glossary


    PCI Compliance

    What is PCI DSS Compliance?

    PCI compliance, or payment card industry compliance, means adhering to the Payment Card Industry Data Security Standard (PCI DSS): a single standard made up of 12 requirements that organizations must meet to keep customer payment card data secure.

    PCI DSS is defined and maintained by the PCI Security Standards Council, which was founded by the major card brands (Visa, Mastercard, American Express, Discover, and JCB). The brands mandate it for anyone handling their cards in order to reduce fraud and protect card data throughout a transaction.

    Who needs PCI DSS Compliance?

    Any organization that stores, processes, or transmits cardholder data must be PCI DSS compliant. This applies to merchants of every size and to service providers (payment processors, hosting providers, and similar third parties) whose systems can affect the security of that data.

    Is PCI DSS Compliance required by law?

    PCI DSS is not a law; it is an industry security standard. Compliance is mandated contractually: merchants agree to it through their agreements with their acquiring bank and the operating rules of the card brands such as Mastercard and Visa. Any merchant that wants to accept a brand's cards must be able to demonstrate PCI DSS compliance, and non-compliance can result in fines or loss of the ability to accept cards. Note that some jurisdictions have written PCI DSS into state or national law, but the standard itself remains a contractual obligation.

    What are the 12 requirements of PCI DSS Compliance?

    PCI DSS is organized into 12 requirements, each of which is broken down into more detailed controls and testing procedures. The requirements are widely regarded as baseline security best practices and are summarized below (the exact wording varies slightly between versions of the standard):

    1. Install and maintain a firewall configuration to protect cardholder data
    2. Do not use vendor-supplied defaults for system passwords and other security parameters
    3. Protect stored cardholder data (for example by masking the PAN when displayed and rendering it unreadable when stored)
    4. Encrypt the transmission of cardholder data across open, public networks
    5. Protect all systems against malware and keep anti-virus software up to date
    6. Develop and maintain secure systems and applications, including timely patching
    7. Restrict access to cardholder data by business need to know
    8. Identify and authenticate all access to system components: assign a unique ID to every user and use multi-factor authentication for access to the cardholder data environment
    9. Restrict physical access to cardholder data
    10. Track and monitor all access to network resources and cardholder data
    11. Regularly test security systems and processes
    12. Maintain a documented information security policy for all personnel

    Want to learn how cybersecurity asset management can help ensure PCI DSS compliance? Check out this report.