What is PCI Compliance?

The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of security standards created by the credit card companies (Visa International, Mastercard, Discover Financial Services, JCB, and American Express) to protect sensitive customer data that you may hold in your online databases.

The PCI standard asks merchants and service providers to meet minimum standards of security when storing, processing and transmitting this customer data. Meeting these standards is also known as PCI compliance.

Penalties for non-compliance with PCI vary among the major credit card networks and can be substantial. For example, companies can be barred from processing credit card transactions, can incur higher processing fees and can even be fined heavily (e.g., up to $500,000).

What Must You Do to be PCI Compliant?

PCI compliance requires annual and/or quarterly assessments, depending upon the nature of your business and the volume of transactions that you process. There are a number of minimum requirements, which the standard groups into six categories:

Build and Maintain a Secure Network and Systems

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Identify and authenticate access to system components

Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security for all personnel

These requirements mean that merchants and companies need to maintain a portfolio of products to help them report on each category and ensure PCI compliance. No single product covers compliance reporting in all areas.

Acunetix WVS and Acunetix SiteAudit will help you with Requirement 6 – Developing and maintaining secure systems and applications. To read more about PCI compliance, read our white paper.

To learn more about how Acunetix and an Acunetix SiteAudit can help you secure and maintain your web systems and web applications, visit our related product pages or get a demo.

For more information, email us at sales@acunetix.com.