What Pci Compliance Means To A Business

By Author: Vikram Kuamr
Total Articles: 2912
Comment this article

PCI compliance is vital to the world's largest companies as well as small Internet retailers and bricks and mortar businesses. Any company accepting credit card payments, offline or online, has an obligation to keep its customers' payment card data safe and secure. The size of the business determines the particular PCI Data Security Standard (PCI DSS) compliance requirements. Also, PCI compliance is not a one-time event, it's an ongoing process - businesses need to continually evaluate their operations and fix any vulnerabilities they find.

In security terms, being PCI DSS compliant means a company follows the PCI DSS requirements for: Security management, procedures, policies, software design, network architecture and other vital protective measures. In operational terms, it means a business its playing it role to ensure their customers' payment card information is kept safe throughout every transaction. Customers need to have confidence their personal information is protected at all times.

Due to the huge growth in online and offline credit card usage, companies need to provide a higher level of security and ...
... protection for credit card information and personal data. In 2006, the major credit card companies established the Payment Card Industry Security Standards Council (SSC). To help prevent credit card fraud the SSC established rules to preside over credit card usage and security, these mandates are known as the PCI Data Security Standards (DSS). Companies processing any credit card transactions need to adhere to these rules.

Companies which handle SSC member cards and don't comply with PCI regulations may loose the ability to process credit card payments and may be audited and/or fined.

The SSC created six major PCI DSS categories:

• Protect cardholder data
• Create and maintain a secure network
• Implement strong access control measures
• Maintain a vulnerability management program
• Implement and maintain an information security policy
• Frequently monitor and test networks

These categories contain additional requirements including maintaining a firewall to protect cardholder data, using and frequently updating anti-virus software, encrypt transmission of cardholder information across open, public networks; restrict physical access to cardholder data, and track and monitor all access to cardholder data and network resources. Every requirement for PCI compliance includes various subsections which provide additional detail regarding the required processes.

Many businesses feel PCI compliance is just another fee they have to pay, similar to the fees they pay. However, the influx of identity theft cannot be ignored; stolen customer information can lead to large fines and a huge loss of customers. PCI compliance shouldn't be seen as an option but rather as part of doing business.

Identity theft is devastating to anyone victimized by it; it's vital any business collecting information from customers uses every means in their power to protect their information.

Author Bio.

The PCI Compliance program helps businesses create a safe and secure system for processing card payments. Learn how to obtain a reliable PCI Compliance program by visiting PCI Free.