Guide to PCI Compliance
Information Security Compliance Standard for Merchants and Vendors
What is PCI Compliance?
Secure payment systems ensure your customers that you can be trusted with their payment information.
PCI Compliance is a standard created by major credit institutions like American Express, Visa, Mastercard, and JCB. It is designed to protect consumer’s financial information from cybercriminals.
Who should be PCI Compliant?
Vendors, Merchants, Service Providers
Anyone who provides goods or services to businesses or consumers and accepts payments via credit card.
A Real World Example
In 2013, Target was subject of a consumer-focused hack that affected customers who shopped at U.S. Target stores between November 27 and December 15.
70 million customer names, credit or debit card numbers, expiration dates and CVVs were involved in the information theft.
What does PCI Compliance consist of?
There are 12 data security requirements that every merchant is required to follow. While there are also over 200 sub-requirements, not all of them may apply to your business.
Twelve security requirements of PCI DSS Compliance
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software or program
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel
What is our approach to compliance?
Our team conducts a series of interviews and a network audit to determine data access and usage.
A Gap Analysis identifies the missing pieces necessary to achieve compliance.
A remediation plan is put forth and executed with action steps towards compliance based on priority level.
ITonDemand then monitors system usage and provides the service and support to maintain compliance.
Compliance+ in Action / Florida Manufacturing Firm
A small north Florida manufactures CNC close tolerance machined parts, custom components, and assemblies for the defense sector. Given the sensitive nature of the parts being manufactured, it was vital that communications and manufacturing specifications were secure while organizational infrastructure was put in place and maintained to NIST Compliance.
Read how ITonDemand made it happen.