The basics of PCI DSS compliance for retailers

The Payment Card Industry Data Security Standard, or PCI DSS, is a set of technical and operational security standards established by the PCI Security Standards Council to ensure the safety of cardholder data during and after transactions. According to a PCI SSC reference guide, the security organization is a joint effort organized by the major payment brands American Express, Discover, JCB International, MasterCard and Visa. Any merchant that accepts any form of card-based payment from these entities must comply with PCI DSS.

Vantiv noted that PCI DSS rules are not federally enforced, but some individual states have laws that reference the standards. Noncompliance can result in fines, and companies can be held liable if they expose customer card data.

Retailers need to comply with PCI DSS objectives

The six major PCI DSS requirements are:

1. Secure Network
Transactions must be completed on protected networks through the use of properly configured firewalls. Local area networks that transport customer data are exposed to attacks from hackers and require specialized firewall protections. Merchants should also never use vendor-supplied default passwords for security systems and internet access points.

2. Protect cardholder data
Merchants must thoroughly protect any sensitive customer data they store. Any data that is transmitted wirelessly through public networks should be digitally encrypted.

3. Maintain vulnerability management program
Businesses should regularly update their anti-virus, anti-spyware, and other anti-malware solutions to defend against hackers. All applications should be routinely checked for bugs and vulnerabilities that could be maliciously exploited.

4. Implement access control measures
Employees who have access to cardholder data should have unique logins. Third parties outside the company should have restricted access to customer data except where strictly necessary. Data should be physically protected alongside the digital security measures, for example by shredding paper records or using combination-locked dumpsters for disposal.

5. Routinely monitor and test networks
Track and monitor all access to cardholder data on a constant basis. Test and update all security systems and application processes frequently and routinely.
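Requirements 4 and 5 meet in the access log: every read of cardholder data should be attributable to one named person, and the log should be reviewed against who is allowed to see that data. The following Python example (added here, not code from the original article or from Cloud 9) parses a constructed access-log format and flags two conditions: a shared or generic account touching a cardholder-data resource, and a role that is not on the need-to-know list for that resource. The log format, resource names, role names and the list of shared accounts are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import List

# Resources that hold cardholder data (constructed names for this example).
CARDHOLDER_RESOURCES = {"cardholder_db", "settlement_export"}
# Roles with a business need to read those resources (constructed).
ALLOWED_ROLES = {"payments_ops", "dba"}
# Generic logins that break the one-person-one-ID rule (constructed).
SHARED_ACCOUNTS = {"admin", "pos", "root", "service"}

# Constructed sample log lines: "<timestamp> user=.. role=.. action=.. resource=..".
SAMPLE_LOG = [
    "2024-03-01T09:12:03Z user=alice role=payments_ops action=read resource=cardholder_db",
    "2024-03-01T09:15:44Z user=admin role=dba action=read resource=cardholder_db",
    "2024-03-01T10:01:00Z user=bob role=marketing action=read resource=product_catalog",
    "2024-03-01T21:40:10Z user=vendor_jsmith role=vendor action=read resource=settlement_export",
]


@dataclass
class AccessEvent:
    ts: str
    user: str
    role: str
    action: str
    resource: str


def parse_event(line: str) -> AccessEvent:
    """Parse one line of the constructed key=value log format."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return AccessEvent(ts, fields["user"], fields["role"], fields["action"], fields["resource"])


def audit(lines: List[str]) -> List[str]:
    """Return one finding per policy violation on cardholder-data resources."""
    findings: List[str] = []
    for line in lines:
        ev = parse_event(line)
        if ev.resource not in CARDHOLDER_RESOURCES:
            continue            # not cardholder data; outside the scope of this check
        if ev.user in SHARED_ACCOUNTS:
            findings.append(
                f"{ev.ts} shared account '{ev.user}' accessed {ev.resource} "
                f"(requirement 4: unique logins)")
        if ev.role not in ALLOWED_ROLES:
            findings.append(
                f"{ev.ts} role '{ev.role}' (user {ev.user}) not permitted on {ev.resource} "
                f"(requirement 4: restricted third-party access)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

On the sample log the audit reports the `admin` login against the cardholder database and the vendor account reading the settlement export, while the marketing user's catalog read is ignored because it never touches cardholder data. In a real deployment this logic would run continuously over the log pipeline rather than as a one-off script, which is the "constant basis" the requirement asks for.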

6. Maintain an information security policy
Establish a formal set of guidelines and consequences regarding information security and ensure all applicable entities follow them at all times.

Cloud 9 has numerous products that are fully compliant with the latest PCI guidelines and are designed to help merchants keep their customers' cardholder data safe and secure. To learn more about effective card processing software, get in touch with Cloud 9 today.
