How to Become PCI Compliant
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) defines 12 requirements that every merchant that stores, processes or transmits cardholder data must meet in order to be considered compliant; merchants that do not risk fines levied by the card brands and passed on through their acquirer. PCI compliance matters because the controls reduce the likelihood and impact of a cardholder-data breach. Merchants that are not required to have an on-site assessment validate compliance by completing the Self-Assessment Questionnaire (SAQ) that matches how they accept card data, which also avoids the monthly PCI non-compliance fee that most merchant services providers charge.
You can complete your SAQ with help from a Qualified Security Assessor (QSA) such as SecurityMetrics or Trustwave, although an SAQ is, by definition, self-completed and signed off by the merchant. QSA companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity's adherence to PCI DSS; they can help select the correct SAQ type (A, A-EP, B, B-IP, C, C-VT, D or P2PE) and perform the on-site assessment that the largest merchants must undergo instead of an SAQ.
12 Categories Of PCI DSS Requirements
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt the transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
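Most of the requirements above are organisational, but "Protect stored cardholder data" has a concrete technical core: the full primary account number (PAN) must be rendered unreadable wherever it is stored, and sensitive authentication data (CVV/CVC, PIN, magnetic-stripe track data) must never be stored after authorisation. The following is an added example, not code from the original page or from any QSA or payment provider. It assumes a masking policy of at most the first six and last four digits, a keyed one-way hash (HMAC-SHA256) as the storable lookup token, and that the HMAC key is held in a KMS or HSM and injected at runtime; the key and card data in the block are constructed for the demo.

```python
"""Added example: reducing a card authorisation record to fields that
PCI DSS permits to be stored (requirement 3, "Protect stored cardholder data").

Assumptions (not from the original page): the HMAC key comes from a KMS/HSM
at runtime; the display mask keeps at most the first six and last four
digits; CVV/CVC, PIN and track data are sensitive authentication data and
are rejected outright rather than stored.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed demo key. In production the key is fetched from a KMS/HSM and is
# never stored in the same database as the tokens it protects, because a
# truncated PAN plus an unkeyed hash of the same PAN can be brute-forced back
# to the full number.
DEMO_HMAC_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)

# Field names that carry sensitive authentication data and must not be stored.
FORBIDDEN_FIELDS = {"cvv", "cvc", "cvv2", "cvc2", "cid", "pin", "pin_block",
                    "track1", "track2"}


def luhn_valid(pan: str) -> bool:
    """Return True if pan is 13-19 digits and passes the Luhn checksum."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: first six and last four digits, the rest replaced by '*'."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed one-way hash used as a lookup/deduplication token instead of the PAN."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class StoredCard:
    token: str          # HMAC of the PAN; usable for lookups, not reversible
    masked_pan: str     # safe to show on receipts and in the merchant UI
    expiry: str         # MMYY; expiry date is permitted to be stored


def prepare_for_storage(card: dict, key: bytes = DEMO_HMAC_KEY) -> StoredCard:
    """Validate an authorisation record and reduce it to storable fields.

    Raises ValueError if sensitive authentication data is present, if the PAN
    fails the format/Luhn check, or if the expiry is not MMYY.
    """
    present = FORBIDDEN_FIELDS & {k.lower() for k in card}
    if present:
        raise ValueError(
            f"sensitive authentication data must not be stored: {sorted(present)}")
    pan = re.sub(r"[\s-]", "", card.get("pan", ""))
    if not luhn_valid(pan):
        raise ValueError("PAN failed format/Luhn check")
    if not re.fullmatch(r"\d{4}", card.get("expiry", "")):
        raise ValueError("expiry must be MMYY")
    return StoredCard(token=pan_token(pan, key),
                      masked_pan=mask_pan(pan),
                      expiry=card["expiry"])


# Constructed sample input; 4111 1111 1111 1111 is a widely used test PAN.
SAMPLE_AUTH = {"pan": "4111 1111 1111 1111", "expiry": "1229", "cvv": "123"}


if __name__ == "__main__":
    try:
        prepare_for_storage(SAMPLE_AUTH)           # rejected: CVV present
    except ValueError as err:
        print("rejected:", err)
    safe = prepare_for_storage({k: v for k, v in SAMPLE_AUTH.items() if k != "cvv"})
    print(safe)                                    # token + 411111******1111 + 1229
```

The point of the record type is that nothing reversible ever reaches the database: if the table is dumped, an attacker gets a masked number and an HMAC whose key lives elsewhere. If your design needs the full PAN back (for example for recurring billing), strong encryption with keys managed per requirement 3 is the alternative; a hash is only appropriate when lookup, not retrieval, is the goal.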
Compliance is not a one-time exercise: every merchant account must revalidate by completing a new SAQ each year (and, for the SAQ types that require it, passing quarterly external vulnerability scans by an Approved Scanning Vendor), or the merchant services provider will charge a monthly PCI non-compliance fee.