What is PCI DSS?

The Payment Card Industry (PCI) Data Security Standard details security requirements for members, merchants and service providers that store, process or transmit cardholder data.


Who does this apply to and who must comply?
ALL merchants that process, store or transmit payment cardholder data must be PCI DSS compliant.


I need to become compliant! Now what?
We make the entire process as easy as possible. There are four basic steps to achieving compliance; we outline the details in The Process section of this site.


The PCI Standard

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

3. Protect stored data.
4. Encrypt transmission of cardholder data and sensitive information across public networks.

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Maintain an Information Security Policy

12. Maintain a policy that addresses information security.