- PCI program provides up to $100,000 of data breach protection¹
Tools & Education
- Step-by-step instructions for completing the compliance process
- Assistance with PCI Self-Assessment Questionnaire and vulnerability scanning (if applicable)
- Valuable tips and information for safeguarding your business
- Access to PCI professionals to answer questions online, by phone, and by email
What is PCI?
To whom does PCI apply?
Why does my business need to be PCI compliant?
What are the steps to PCI compliance?
All merchants, whether small or large, that process, store or transmit cardholder data must adhere to the following requirements for PCI DSS compliance:
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect data.
- Avoid using vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
- Protect stored data.
- Encrypt transmission of cardholder data and sensitive information across public networks.
Maintain a Vulnerability Management Program
- Use and regularly update antivirus software.
- Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
- Restrict access to data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
Regularly Monitor and Test
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy
- Maintain a policy that addresses information security.
Some of the standards above may not be applicable to all processing environments.
Level 1-3 merchants must then validate or prove their compliance by meeting requirements that vary by “PCI level,” which is based on annual card transaction volumes. To validate compliance, merchants must take the following steps:
- Complete and pass an annual PCI DSS Self-Assessment Questionnaire (SAQ) appropriate for your merchant processing environment.
- If you are storing or processing cardholder data on or through an Internet-facing environment, you must also pass quarterly vulnerability scans of your network.
- Additional certification requirements may apply based on your processing environment and the number of transactions you process annually.
¹ Up to $100,000 of data breach protection per Customer ID number if you are enrolled in the vendor program and have certified PCI compliance.