PCI Compliance refers to the standards that businesses must follow to process credit card payments. These standards were created to protect the account and identity information of credit card owners. Compliance standards are enforced by the PCI Standards Council and state that any business that stores, processes or transmits card data is required to follow the set of guidelines summarized below:
- Install and maintain a firewall to protect cardholder data from external access.
- Change default passwords on all equipment on the card processing network.
- The storage of cardholder data should be avoided where possible and protected when stored.
- Cardholder data must be encrypted when transmitted across open, public networks.
- Antivirus software must be used and updated and systems need to run operating systems that are being supported and patched.
- Physical access to cardholder data by employees should be limited and access needs to be monitored and recorded.
- Security tests need to be performed regularly.
- Businesses should develop a security information policy that outlines expectations for employees handling cardholder data.
There is a lot more information available on the PCI Security Standards website, including a compliance self-assessment worksheet and a documentation library. Data breaches were responsible for nearly $4 million in losses in 2019, and that number is expected to increase this year.
For more information on how to secure your data give us a call. We would be happy to start the conversation around what we can do to help protect your data.
https://www.pcisecuritystandards.org/
Brandon Huber, Managed Security Analyst