PCI Compliance

Data Security Standard

No matter the size of your operation, if you accept credit card payments, you must protect cardholder data.

In 2005, the Payment Card Industry Council created the Payment Card Industry Data Security Standard, a requirement of all five major credit companies, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa.

The more transactions a merchant completes a year, the more checks and audits are needed to remain in compliance. When transmitting credit card data, merchants and stores must, at minimum, implement the following:

  • Employ Approved Scanning Vendors (ASVs) to assess website and server vulnerability
  • Perform security audits
  • Complete self-assessment questionnaires (SAQs)

What Are the 12 PCI Requirements?

According to NDB Advisory, PCI standards fall into 6 overarching categories with a total of 12 key requirements to remain compliant: 

Build and Maintain a Secure Network

  • Requirement 1- Install and maintain a firewall.
  • Requirement 2- Do not use vendor-supplied defaults for system passwords or other security parameters.

Protect Cardholder Data

  • Requirement 3- Protect stored cardholder data.
  • Requirement 4- Encrypt transmission of cardholder data across public networks.

Maintain a Vulnerability Management Program

  • Requirement 5- Protect all systems against malware and regularly update anti-virus programs.
  • Requirement 6- Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

  • Requirement 7- Restrict access to cardholder data by business need to know.
  • Requirement 8- Identify and authenticate access to system components.
  • Requirement 9- Restrict physical access to cardholder data.

Regularly Test and Monitor Networks

  • Requirement 10- Track and monitor all access to network resources and cardholder data.
  • Requirement 11- Regularly test security systems and processes.

Maintain an Information Security Policy

  • Requirement 12- Maintain an information security policy.

Global IP Networks has been PCI audited and declared compliant since 2012.

To take a tour of our Plano or Dallas facilities, simply book an appointment. The proof will be found in the unparalleled quality of your protective equipment and infrastructure.
