Software developers unfamiliar with the nuances of incorporating credit card processing into their software might wonder what the term “PCI compliance” means when they hear it, and be unsure why it matters for their business. PCI compliance means adhering to the Payment Card Industry Data Security Standard (PCI DSS), which is maintained by the PCI Security Standards Council, a body founded by the major card brands (American Express, Discover, JCB, Mastercard, and Visa). The standard exists to protect cardholder data, and it applies to any merchant or service provider that stores, processes, or transmits that data. How much of the standard applies to you depends on scope: handing card entry and storage off to a PCI-validated payment provider (for example through a hosted payment page or tokenization) keeps the primary account number out of your own systems and greatly reduces the controls you must implement, but it does not remove the obligation to assess and attest to compliance for whatever remains in scope.
What Are the PCI Standards?
PCI DSS is organized into 12 requirements that your payment processing environment must meet to be considered compliant. A merchant services provider you use must be compliant for the portion of the environment it operates, but its compliance does not cover your own systems: every system that stores, processes, or transmits cardholder data, or that can affect the security of those systems, is your responsibility to assess. The 12 requirements are:
- Install and maintain a firewall configuration to protect cardholder data, limiting traffic between untrusted networks and the cardholder data environment to what is necessary.
- Do not use vendor-supplied defaults for system passwords and other security parameters; change default credentials and disable unneeded default accounts and services before a system goes into production.
- Protect stored cardholder data: keep storage to the minimum required, render the primary account number unreadable wherever it is stored (truncation, tokenization, or strong encryption with proper key management), and never store sensitive authentication data such as the full magnetic stripe, CVV/CVC, or PIN after authorization.
- Encrypt transmission of cardholder data across open, public networks using strong cryptography and protocols (for example current TLS versions), and never send unprotected account numbers over end-user messaging such as e-mail or chat.
- Protect all systems against malware, and keep anti-virus or anti-malware software current and actively running.
- Develop and maintain secure systems and applications: apply security patches promptly, follow secure coding practices, and review code for common vulnerabilities before release.
- Restrict access to cardholder data by business need to know, so that only personnel whose job requires it can reach it.
- Identify and authenticate access to system components, assigning each person a unique ID so that actions can be traced to an individual, with strong authentication (including multi-factor authentication for administrative and remote access).
- Restrict physical access to cardholder data and to the systems and media that hold it.
- Track and monitor all access to network resources and cardholder data, retaining audit logs and reviewing them for suspicious activity.
- Regularly test security systems and processes, including vulnerability scanning and penetration testing.
- Maintain a policy that addresses information security for all personnel.