Discover the basics of PCI compliance to help get you going in the right direction.
If you’re opening a new business or taking ownership of an existing one, there’s one thing you can’t afford to overlook: PCI compliance. You may have heard about PCI compliance but still be unsure about what it entails. This article covers the basics of PCI compliance to help get you going in the right direction.
How to become
PCI compliant
What is PCI DSS?
The Payment Card Industry Data Security Standards (PCI DSS) is a set of global security standards designed to ensure that all entities involved in accepting, processing, storing or transmitting credit card information maintain a secure environment. PCI DSS is overseen by the Payment Card Industry Security Standards Council (PCI SSC), which was created by the payment card brands Visa, Mastercard and American Express.
This article outlines the essentials of what you’ll need to know to get your business started with a new merchant account to accept electronic payments.
Payment card brands and acquirers are responsible for enforcing PCI compliance, but they aren’t equipped to inspect every business to make sure PCI regulations are being met. Merchants are presumed innocent – or compliant – until they experience a breach. While PCI enforcement has historically been more relaxed in the UK and Europe compared to the United States, enforcement rates are on the rise.
One important thing to note is that PCI compliance is not a one-time event – it’s an ongoing activity. For merchants, this means active monitoring and maintenance of your business systems and technologies.
Learn more about the history of PCI DSS.
What are the PCI standards?
The PCI SSC established 12 principal standards to guide the overall efforts for achieving and maintaining compliance. These standards address the security of the payment system at large and recommend the implementation of network security protocols. This includes things like firewalls, anti-virus protection, password maintenance, access restrictions, regular security tests, policies that address information security and more.
