How Do I Follow the 12 Data Security Standards (PCI DSS)?

PCI DSS study

The first step to following the 12 Payment Card Industry Data Security Standards (PCI DSS) is knowing them. They are categorized into 6 general requirements, with multiple sub-requirements.

Build and Maintain a Secure Network and Systems1. Install and maintain a firewall configuration to protect cardholder data2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data3. Protect stored cardholder data4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program5. Protect all systems against malware and regularly update anti-virus software or programs6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures7. Restrict access to cardholder data by business need to know8. Identify and authenticate access to system components

9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks10. Track and monitor all access to network resources and cardholder data11. Regularly test security systems and processes
Maintain an Information Security Policy12. Maintain a policy that addresses information security for all personnel

Some of these 12 requirements fall under basic knowledge of privacy and responsibility. Numbers 2 and 7 for example, are likely even being done by businesses who are not fully PCI DSS compliant. Unless you enjoy paying additional monthly fees for not being compliant, or the occasional data breach, all 12 are important

PCI DSS add on fees

How Do I Become PCI DSS Compliant?

There is some relief in knowing that choosing the right payment processor for your business will help you be PCI DSS compliant. Some processors, like PayJunction, go through the hassle of renewing their compliance every year so that you don’t have to “develop and maintain secure systems and applications”. Other companies only provide the option of assessing you upon request. We recommend seeking a provider who maintains their end of the 12 Payment Card Industry Data Security Standards for obvious reasons. There is still some, but significantly less leg work on your end. Don’t believe us? Requirement number one, found in the PCI DSS guidebook, takes 9 pages to direct the implementation and testing.

Becoming PCI DSS compliant should be easy. Whether you’re new to business, or just new to accepting cards, you’re familiar with the endless list of To Do’s for business owners. PCI compliancy reduces the likelihood of fraud in the U.S so you should be afforded a break while obtaining it. PayFrog, a certified reseller of payment processing, gets it. We’re here to help you with your PCI DSS certification every step of the way. It’s a complicated process, but not nearly as tough when you have an experienced merchant card services pro in your corner.

Call a Pro - PCI DSS compliance

Leave a Comment

Your email address will not be published.

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.

Subscribe to Blog

Scroll to Top