PCI-DSS

Payment Card Industry Data Security Standard

Keep your systems secure, and customers can trust you with their sensitive payment card information. When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise.

The PCI Security Standards Council is constantly working to monitor threats and improve the industry’s means of dealing with them, through enhancements to PCI Security Standards and by the training of security professionals.

In general, PCI compliance is required by credit card companies to make online transactions secure and protect them against identity theft. Any merchant that wants to process, store or transmit credit card data is required to be PCI compliant, according to the PCI Compliance Security Standard Council

This means that simply not storing credit card data does not makes you PCI compliant. PCI compliance is not required by federal law in the US, but there are some state level laws that refer to PCI compliance. … However, your Credit Card Company or merchant bank will generally require your business to be PCI compliant.

REQUIREMENTS

  1. Build and Maintain a Secure Network and Systems
  2. Protect Cardholder Data
  3. Maintain a Vulnerability Management Program
  4. Implement Strong Access Control Measures
  5. Regularly Monitor and Test Networks
  6. Maintain an Information Security Policy