Just heard about PCI compliance? Want to know what it is and how it works, who has to comply with its guidelines, and, above all, whether you fall into that category? This blog tries its best to answer all these questions. So if “PCI compliance” is a new term to you, read on to learn more about it.
What is PCI Compliance?
PCI stands for Payment Card Industry. PCI Compliance is a set of guidelines for businesses selling products online, guiding them to carry out customer payment transactions in a secure way. In other words, the guidelines help online businesses (or merchants) establish a solid online payment process by adopting security measures (backed by the PCI DSS Council) that make theft of sensitive customer data far harder.
Simply put, these guidelines define how customer credit card information should be handled by online businesses or merchants.
Who Created It?
The PCI DSS (Payment Card Industry Data Security Standards) Council, which is made up of major payment card brands such as Visa, MasterCard and American Express, is responsible for establishing these PCI compliance guidelines.
Who Needs It?
Any online business that handles customer payment transactions, especially e-commerce sites.
How Do You Become PCI Compliant?
To qualify for PCI compliance, you should meet the 12 main requirements (security measures) laid down by the PCI DSS Council, which are as follows:
1. Implement a firewall to secure your network
2. Don’t use vendor-supplied default passwords or other default security parameters
3. Store cardholder data in a secure way
4. Encrypt cardholder data across public networks
5. Use and regularly update antivirus programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to the network
11. Regularly test security systems and processes
12. Maintain a good security policy for the organization
If you implement all these security measures, you’ll be considered ‘PCI Compliant’. But this does not necessarily mean you’ve become fully PCI Compliant, because you and I are not security experts like the members of the PCI DSS Council. So how can you test your PCI compliance, or the extent to which you comply with the PCI security standards? The answer is the PCI SAQ.
What is PCI SAQ?
PCI SAQ stands for PCI Self-Assessment Questionnaire. It is a list of questions that helps organizations assess the extent to which they comply with the PCI DSS Council’s requirements. Completing this questionnaire lets an online business understand where it stands on payment security and which measures it can take to improve.