top of page
Writer's pictureBeeKash Payment System

What Is PCI Compliance and Why Is It Important?


In recent years, data breaches at major companies such as Target and Equifax have made headlines. These data breaches put customers that entrust these companies with their data at risk, but also put the reputation of these companies on the line. In many of these cases, the data breaches were completely preventable and we can learn from these catastrophic security lapses.


To learn more about the Equifax Security Breach, read our previous Insights on the topic.


In 2006, five major credit card brands (Visa, Matercard, American Express, JCB, and Discover) formed the Payment Card Industry Security Standards Council. The goal of the PCI Security Standards Council is to have a single comprehensive compliance program that standardizes data security. The standards establish how credit card payment information is stored, processed, captured, and sent.


In order to be PCI DSS compliant there are 12 general requirements:

  1. Install and maintain a firewall configuration to protect cardholder data

  2. Do not use vendor-supplied defaults for system passwords and other security parameters

  3. Protect stored cardholder data

  4. Encrypt transmission of cardholder data across open, public networks

  5. Use and regularly update anti-virus software or programs

  6. Develop and maintain secure systems and applications

  7. Restrict access to cardholder data by business need to know

  8. Assign a unique ID to each person with computer access

  9. Restrict physical access to cardholder data

  10. Track and monitor all access to network resources and cardholder data

  11. Regularly test security systems and processes

  12. Maintain a policy that addresses information security for all personnel


Aside from the fact that being PCI compliant is a good business practice, why else should you be PCI compliant? The answer is that if you are processing any kind of payments with credit cards, PCI compliance is mandatory. In addition to the possibility of enormous data breaches, as with Target and Equifax, lack of PCI compliance can lead to fines from credit card brands and lawsuits from various sources.


In order to become PCI compliant, it is important to consult the PCI Security Standards website and their informational PCI DSS Quick Reference Guide. Creating your own PCI compliant security standards within your business is a great first step but it is also important to work with a payment processor who can help to educate and guide you through the PCI compliance process.


PCI Compliance Levels:

Level 1

  • Merchants processing over 6 million transactions annually across all channels

Level 2

  • Merchants processing between 1 million and 6 million transactions annually across all channels

Level 3

  • Merchants processing between 20,000 and 1 million e-commerce transactions annually

Level 4

  • Merchants processing less than 20,000 e-commerce transactions annually and all other merchants processing up to 1 million transactions annually


Becoming PCI compliant ensures the health and wellness of your business as well as the safety of your customers.


Work with a PCI compliant payment processor that puts the security of your business first, Apply Today!

39 views0 comments

コメント


コメント機能がオフになっています。
bottom of page