Overview of PCI (Payment Card Industry) Compliance


Payment Card Industry compliance refers to the technical and operational standards that businesses must follow to ensure that credit card data provided by cardholders is protected. PCI compliance is enforced by the PCI Standards Council, and all businesses that store, process or transmit credit card data electronically are required to follow the compliance guidelines.

PCI compliance standards require merchants and other businesses to handle credit card information in a secure manner that helps reduce the likelihood that cardholders would have sensitive financial data stolen. If merchants do not handle credit card information properly, the card information could be hacked and used to make fraudulent purchases. Additionally, sensitive information about the cardholder could be used in identity fraud.

Being PCI compliant means consistently adhering to a set of guidelines set forth by companies that issue credit cards. The guidelines outline a series of steps that credit card processors must continually follow. Companies are first asked to assess their information technology infrastructure, business processes and credit card handling procedures to help identify potential threats that may compromise credit card data. Companies are then asked to address any gaps in security, and to avoid storing sensitive cardholder information, such as social security and driver’s-license numbers, whenever possible. Companies are required to provide compliance reports to the card brands that they work with, such as American Express and VISA.

All companies that process credit card information are required to maintain PCI compliance, regardless of their size or the number of credit card transactions they process. All companies are broken into merchant levels based upon the number of transactions that are processed during a specified period. PCI compliance is governed by the Payment Card Industry Security Standards Council, an organization formed in 2006 for the purpose of managing the security of credit cards. The requirements, known as the Payment Card Industry Data Security Standards (PCI DSS), are managed by the major credit card companies, including VISA, American Express, Discover and MasterCard, among others.

In order to become PCI compliant, you must complete a yearly Self-Assessment Questionnaire (SAQ) and/or pass a quarterly PCI Security Scan.The SAQ includes a series of questions to help assess PCI compliant security levels, and is divided in categories based on how a business processes credit cards.Also, find a payment processor that provides PCI compliant credit card processing solutions to ensure secure card transactions for your business.

 

To find out more information on PCI compliance and the security standards, check out the extremely detailed PCI Compliance wikipedia page.

You can also check out the official PCI Security Standards Council website.

>