
PCI-DSS Compliance Resource Center

Protect your Business and Customers with PCI-DSS Compliance

Is your ability to process credit cards at risk?
The deadline for companies to be using a PCI-DSS compliant payment application was July 1, 2010, according to the PCI Data Security Standards.

We've created this resource center to document PCI-DSS and to help you achieve compliance.

What is PCI-DSS Compliance?

The Payment Card Industry Data Security Standard established a set of requirements for enhancing the data security of payment accounts. The far-reaching requirements include standards for security management, policies, procedures, network architecture, software design, and other measures created to protect customer account data.

The developers of the PCI-DSS (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) collaborated on the standards in order to facilitate global adoption of consistent data security measures.

 

Twelve requirements for PCI-DSS compliance:

Build and Maintain a Secure Network

    • Install and maintain a firewall, and use unique, high-security passwords, taking special care to replace default passwords.
    • Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

    • Whenever possible, cardholder data must not be stored.
    • You must also encrypt any data passed across public networks, including your shopping cart and web-hosting providers.

Maintain a Vulnerability Management Program

    • Use anti-virus and keep it up to date.
    • Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant (see www.visa.com/pabp).

Implement Strong Access Control Measures

    • Access to cardholder data – both electronic and physical – should be on a "need-to-know" basis.
    • Ensure those people with access have a unique ID and password. Do not share logon information.
    • Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

    • Track and monitor all access to networks and cardholder data.
    • Ensure you have a regular testing schedule for security systems and processes including firewalls, patches and anti-virus.

Maintain an Information Security Policy

    • It's critical that your organization has a resource for governing your company’s data security. Ensure you have a policy and that it's disseminated and updated regularly.


Call us at 508-393-7731 today to protect your business and your customers from the risks of being non-compliant.

 

 
