Let us first understand what PCI compliance means. PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements that applies to every organization that handles, processes or stores credit and debit card information. The standard is maintained by the Payment Card Industry Security Standards Council in order to protect cardholders from scams and fraud. The 12 requirements of PCI DSS are as follows:
- Install and maintain a firewall to protect cardholders’ data.
- Do not use vendor-supplied defaults for system passwords or other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open and public networks.
- Use and regularly update antivirus software and programs.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data to those with a business need to know.
- Assign a unique ID to every person who has access to the computers.
- Restrict physical access to cardholders’ data.
- Track and monitor all access to network resources and cardholder data.
- Test security systems and processes on a regular basis.
- Create and maintain a policy that addresses information security for all personnel.
Who needs PCI Compliance?
We are witnessing the shift from the physical to the digital world. Businesses have moved their stores online. The use of credit and debit cards has been increasing and will soon be the new face of currency, even in developing countries. Any website, such as an eCommerce store, that allows its customers to enter their card details must comply with these standards. But if your website redirects your customers to a third-party payment provider like PayPal, WorldPay, etc., the provider has your back, because these providers will usually look after the security of the card data for you.
If these standards apply to you, check your site’s compliance and make sure to fix any vulnerabilities that are found.
What do you need to do?
You might need to make some changes to your website and hosting to receive a passing report. You may have to update your software, strengthen your firewall and adapt your website to the requirements of PCI DSS. After you successfully pass the initial scan, the organization will run a regular monthly report. So be prepared!
This article is intended to inform website owners in particular, and everyone in general, about the standards an organization must meet to keep card data safe. If you are a customer, you have every right to ask a website owner about their compliance with these standards.