PCI Security Standards
- PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while compliance with the PCI Security Standards is enforced by the payment card brands. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.
If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard.
- As a merchant who accepts credit cards, you are responsible for adequately securing your customers' cardholder information wherever it resides: on your computers, in a drawer, or in a filing cabinet. If you fail to do so, the card companies and your bank, under the terms of your Merchant Processing Agreement, can hold you accountable for fines and for any losses they suffer from the fraudulent use of cardholder data obtained from your business.
- More detailed guidelines describing the 12 basic system requirements are outlined in the PCI DSS located at www.pcisecuritystandards.org. PCI DSS requirements include, among other things, using current anti-virus software, issuing passwords to your employees, not retaining card magstripe data and using a firewall if your system is connected to the Internet.
- PCI compliance is a very serious matter. Non-compliance can cost you money, time, and reputation. If your systems are not PCI-compliant, your business is at extreme financial risk.