PCI DSS Defined

PCI DSS — Merchant Requirements and Action Steps


Acceptance of credit cards for payment has grown rapidly at small businesses across the US. Small merchants should be aware of the risk of theft and fraud, and take action to combat it by validating compliance with the industry standard for handling credit card data, the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS compliance is required, through the merchant agreement with the acquiring bank, of every business that accepts credit cards, regardless of transaction volume.


What is PCI DSS? The five major card brands (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa Inc.) established the PCI DSS as a single set of requirements for businesses of all types to follow when configuring their IT and payment-processing environments. Understanding the requirements is the first step. Some businesses will need IT support to ensure all of the requirements are met before validating compliance; most small merchants validate with a self-assessment questionnaire rather than an on-site assessment. (For additional information, please visit www.pcisecuritystandards.org.) The 12 requirements are as follows:


  • Install and maintain a firewall configuration to protect cardholder data

  • Do not use vendor-supplied defaults for system passwords and other security parameters

  • Protect stored cardholder data

  • Encrypt transmission of cardholder data across open, public networks

  • Use and regularly update anti-virus software

  • Develop and maintain secure systems and applications

  • Restrict access to cardholder data by business need-to-know

  • Assign a unique ID to each person with computer access

  • Restrict physical access to cardholder data

  • Track and monitor all access to network resources and cardholder data

  • Regularly test security systems and processes

  • Maintain a policy that addresses information security for all personnel
