Monday, March 30, 2015

PCI Compliance


The Payment Card Industry Data Security Standard (PCI DSS) requires companies that process, store, or transmit credit card information to maintain a secure environment to protect cardholders. It applies to both online and offline merchants, and the requirements depend on the size of the business. PCI compliance is enforced by the different payment brands.

An article from CSO by Jonathan Trull outlines 5 tips for PCI Compliance:

1. PCI 3.0: Get to Know the Latest Requirements
2. Implement a Risk-Based Approach to Security
3. Protect Stored Card Data
4. Regularly Test Security Systems and Processes
5. Maintain a Vigilant Policy Compliance Program

Our favorite tip is number 4. Trull points out that compliance should not be seen as merely a yearly requirement, but should be managed and maintained on a regular basis, because an annual certification does not ensure that you will be compliant in the weeks and months that follow.


To read about each of the steps, click here
