What is PCI DSS compliance?
PCI compliance (payment card industry compliance) is adherence to a set of information security standards for businesses that have access to cardholder data. These standards are collectively referred to as the PCI DSS, or the Payment Card Industry Data Security Standard, which was established by the PCI Security Standards Council (PCI SSC). The PCI DSS was designed to increase controls and security surrounding credit card data to reduce credit card fraud. Any organization that handles credit card information—be it storing, accepting, processing, or transmitting that data—must be PCI compliant in its software and hosting.
How do organizations protect cardholder data?
To meet the standard, organizations must protect cardholder data and maintain a secure network, implementing firewalls at every internet connection. They must implement strong access control measures, restrict access to cardholder data on a need-to-know basis, and monitor who has access to network resources and cardholder data. They must test security systems, security processes, and networks on a regular schedule, and regularly update anti-virus software. They must also maintain a vulnerability management program and an information security policy.