Wednesday, May 18, 2011

PCI Compliance

Being compliant with the PA-DSS guidelines is an ongoing process and grocers need to be ever vigilant. PCI compliance may be difficult to understand. In order to be compliant you need to follow all of the 12 steps in the PCI Data Security Standard. What is the PCI Data Security Standard Requirements? “PCI DSS version 2.0 is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. It presents common-sense steps that mirror best security practices.”


Here is a list of the main 12 requirements you must follow to be PCI compliant:

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security for all personnel

Here is a link to the actual document, version 2.0: https://www.pcisecuritystandards.org/security_standards/documents.php?association=PCI-DSS (you will need to agree to the terms when you first click the link)

PCI is always changing to better protect your customer’s information. Below are some links to help understand PCI.

https://www.pcisecuritystandards.org/security_standards/why_comply.php
https://www.pcisecuritystandards.org/merchants/how_to_be_compliant.php