What Is PCI Compliance?

Posted on by David Singer
Reading Time: 2 minutes

What Is PCI Compliance?

For any business that handles Credit Card data, in anyway, there is a set of rules and standards they must follow. These rules and regulations are called Payment Card Industry Data Security Standard. Or PCI-DSS for short, however this is often simplified to just ‘PCI Compliance’.

These standards were put in place by major Credit Card companies to ensure data security. These standardized rules greatly simplify securing credit card data as they allow businesses to track a single standard. In the past each credit card network had their own standard which made it hard for users to be compliant.

Who created PCI Compliance and why?

In the early 2000s there were numerous issues relating to Credit Card processing and security. At that time every network had their own set of rules and standards. Making it hard for businesses to comply, or even stay informed about the requirements. Often a business couldn’t follow the proper procedure simply due to confusion.

Around 2006 the major Credit Card networks, processors and providers began working to solve these issues. As a joint venture they formed the Payment Card Industry Security Standards Council. The original members of the council include Visa, MasterCard, American Express, Discover, and JCB. Under this new council the original PCI-DSS rules and documentation were created.

The new standards greatly simplified and improved security compliance for business owners. Rather than needing to understand every companies unique rules they had a single set.

The 12 steps to PCI Compliance

While at its core PCI Compliance is a very technical topic, it can be simplified to 12 points across 6 sections. Each section has their own defined objective and each point aims to achieve that objective.

Objective: Build and maintain a secure network

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Objective: Protect cardholder data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks

Objective: Maintain a vulnerability management program

  1. Use and regularly update anti-virus software on all systems commonly affected by malware
  2. Develop and maintain secure systems and applications

Objective: Implement strong access control measures

  1. Restrict access to cardholder data by business need-to-know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Objective: Regularly monitor and test networks

  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Objective: Maintain an information security policy

  1. Maintain a policy that addresses information security

Again, that’s quite a lot more to PCI Compliance than just the steps above. These are simply meant to be an overview to give you a better picture of what PCI compliance entails.

If you would like more information on PCI compliance at Liquid Web see our PCI Compliance product page. Or you can read about our data center’s compliance on our SSAE/SOC page.

About the Author: David Singer

I am a g33k, Linux blogger, developer, student, and former Tech Writer for Liquidweb.com. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....

Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.


Latest Articles

Liquid Web’s Incident Management Process

Read Article

How Does Containerization Work?

Read Article

Microsoft Exchange Server Security Update

Read Article

How to Monitor Your Server in WHM

Read Article

How to Monitor Your Server in WHM

Read Article