12 Steps to PCI Compliance
Updated: Feb 25
PCI DSS stands for Payment Card Industry Data Security Standard. Companies must follow this standard to become compliant. PCI compliance is vital for any business that processes credit cards. Check out the video below to understand what PCI is. Below the video, I have listed the 12 steps to PCI compliance.
12 Steps are:
You must have a Firewall: A business must prove it has a firewall. This can be on your physical property or in the cloud, depending on what's best for your business.
Protect Stored Data: Any databases stored or archived on servers must be protected. All physical documents must be secured as well.
Data Encryption: Whenever sensitive information is transmitted over the Internet, the organization needs to be able to show that the data is being encrypted.
Anti Virus Software: Show that you have software that is always scanning for viruses on your computer. It must be updated regularly.
Development of Secured applications: Applications you build with your own code must be secured.
Restrict access to Data: Access to data is granted on a need-to-know basis, defining who has access to specific data.
Unique User ID: Every employee has to have a unique user ID. There cannot be a group ID that everyone shares or uses.
Restrict Physical Access: Restrict access to credit card data and keep a complete log history of who accesses the information. You have to show that the data is secured.
Track and monitor access: You must have a paper or digital trail of who has access.
Testing Security Systems: Demonstrate that you are regularly testing security systems and show that they work.
Maintaining a security policy: All security policies must be written out in a document and must be audited by a PCI Compliant officer.
No matter the size of your business, if you process credit cards, you should consider becoming compliant.
Different Levels of PCI
Level 1: The most strict level; a business that does more than 6 million credit card transactions a year.
Level 2: A business doing 1 million to 6 million in credit card transactions a year.
Level 3: A business doing 20 thousand to 1 million in credit card transactions a year.
Level 4: A business doing less than 20 thousand transactions with credit cards a year.
Each level provides stricter requirements for a business to have the ability to do credit card transactions. Each level has to meet the standard 12 PCI compliance steps mentioned above. It is the company's responsibility to make sure it stays compliant.
What's at risk if you are not PCI Compliant:
The PCI Compliance Board can stop you from being able to process credit cards.
Imagine what would happen to your business if you could not take credit card transactions?
For some businesses, this could shut the business down completely, especially in a market like eCommerce. To become compliant, you can do it yourself or hire someone to assist you.
Why should you be concerned if your business is PCI Compliant?
The truth is, if you're processing credit cards, you should be compliant. Getting in trouble for not following the PCI regulations can bring your business unwanted fines and can stop you from processing credit cards. So it is important to either do it yourself or hire a company that can assist you in getting this set up. Outsourcing may help make the process of becoming compliant easy.
How to find out if a company is PCI Compliant?
Visit the Global Registry of Service Providers to find out what companies are PCI Compliant; it is updated regularly.