The first step to following the 12 Payment Card Industry Data Security Standards (PCI DSS) is knowing them. They are categorized into 6 general requirements, with multiple sub-requirements.
| Build and Maintain a Secure Network and Systems | 1. Install and maintain a firewall configuration to protect cardholder data | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5. Protect all systems against malware and regularly update anti-virus software or programs | 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know | 8. Identify and authenticate access to system components 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel |
Some of these 12 requirements fall under basic knowledge of privacy and responsibility. Numbers 2 and 7 for example, are likely even being done by businesses who are not fully PCI DSS compliant. Unless you enjoy paying additional monthly fees for not being compliant, or the occasional data breach, all 12 are important
How Do I Become PCI DSS Compliant?
There is some relief in knowing that choosing the right payment processor for your business will help you be PCI DSS compliant. Some processors, like PayJunction, go through the hassle of renewing their compliance every year so that you don’t have to “develop and maintain secure systems and applications”. Other companies only provide the option of assessing you upon request. We recommend seeking a provider who maintains their end of the 12 Payment Card Industry Data Security Standards for obvious reasons. There is still some, but significantly less leg work on your end. Don’t believe us? Requirement number one, found in the PCI DSS guidebook, takes 9 pages to direct the implementation and testing.
Becoming PCI DSS compliant should be easy. Whether you’re new to business, or just new to accepting cards, you’re familiar with the endless list of To Do’s for business owners. PCI compliancy reduces the likelihood of fraud in the U.S so you should be afforded a break while obtaining it. PayFrog, a certified reseller of payment processing, gets it. We’re here to help you with your PCI DSS certification every step of the way. It’s a complicated process, but not nearly as tough when you have an experienced merchant card services pro in your corner.
