Home
Topics
Assessing your regulatory compliance needs
Industry-specific requirements for compliance
PCI compliance (payment card industry compliance)

Definition

PCI compliance (payment card industry compliance)

Payment card industry (PCI) compliance is adherence to a set of specific security standards that were developed to protect card information during and after a financial transaction. PCI compliance is required by all card brands.

There are six main requirements for PCI compliance. The vendor must:

1. Build and maintain a secure network

- Install and maintain a firewall configuration to protect cardholder data.
- Not use vendor-supplied defaults for system passwords and other security parameters.

2. Protect cardholder data

- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.

3. Maintain a vulnerability management program

- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.

4. Implement strong access control measures

- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.

5. Regularly monitor and test networks

- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.

6. Maintain an information security policy

- Maintain a policy that addresses information security.

Learn More

Learn why looking at PCI compliance as a checkbox project is not a good idea.

Related glossary terms: IFRS (International Financial Reporting Standards), native advertising, FTC (Federal Trade Commission), Whistleblower Protection Act , corporate social responsibility (CSR), AICPA (American Institute of Certified Public Accountants), Volcker rule, NERC CIP (critical infrastructure protection), Video Privacy Protection Act of 1988, FPCA (Foreign Corrupt Practices Act)

This was last updated in September 2009

Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchCompliance.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

#Compliance: Proposal to update wiretapping laws draws controversy

Twitter was abuzz after a report of possible updates to wiretapping laws. Opponents argue it would dramatically alter civil rights and online privacy.
U.S. Senate Judiciary Committee approves digital privacy laws update

The U.S. Senate Judiciary Committee has approved updates to two digital privacy laws that proponents say are needed to keep pace with technology.
JOBS Act to have little influence on GRC tools and processes, for now

The JOBS Act alters compliance requirements for emerging companies, but experts say it should have little influence on GRC tools and strategy for those already on the right track.

Articles

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

Research More Tech Terms

Search thousands of tech definitions
Browse tech definitions
Browse Alphabetically:
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Y
- Z
- #

Powered by WhatIs.com

File Extensions and File Formats

File Extension and File Formats List:

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
#

Powered by WhatIs.com

More from Related TechTarget Sites

CIO
CIO-Midmarket
Health IT
Cloud computing
Data Center
Data Management
Security

CIO
- Consistent cybersecurity training a must to meet evolving threats
  
  In this week's Searchlight: bold new threats highlight need for cybersecuity training, why big data requires soft skills, cloud confusion and more.
- For effective cybersecurity, communicate and cover your assets
  
  Learn how to tackle cybercrime from former White House CIO Theresa Payton and former federal Cybersecurity Coordinator Howard Schmidt.
- Exploring the 'Big Data Frontier'
  
  IT business strategist Harvey Koeppel draws on historical data to explore the 'Big Data Frontier' and its potential to profoundly change the world.
searchCIO-Midmarket
- Data science: A crash course
  
  Is your organization practicing good data science? Contributor Phil Simon examines how data scientists are transforming big data into 'the new oil.'
- Turning a mobile sales app gap into a new business opportunity
  
  IT Leadership Award finalist Helane Stein turned a mobile sales app gap into a mobile movement inside and outside her company.
- YES Prep IT leader builds, then rebuilds IT after natural disaster
  
  IT Leadership Awards finalist Troy Neal is forced to rebuild IT at YES Prep after a devastating natural disaster. Learn about Neal in this Q&A.
Health IT
- The tangled web: BYOD and HIPAA
  
  The HIPAA omnibus will become official this fall. Is your organization prepared to handle data breaches, BYOD policies and network security?
- HIMSS analytics study weighs in on wireless networks and cloud
  
  A 2013 HIMSS study reveals organizations in the midst of managing wireless networks and cloud computing, among other IT initiatives.
- Any hospital can unleash healthcare innovation
  
  Small hospitals and physician practices may not feel like innovators, but healthcare innovation can happen anywhere.
Cloud computing
- Google Compute Engine prices on par with AWS -- for now
  
  Conventional wisdom has Google and AWS locked in the Price War of the Titans with the launch of GCE, but a deeper look reveals a different truth.
- Limiting the effects of cloud computing outages
  
  After making the case for cloud based on high availability, IT pros are upset by cloud outages. With planning, there are ways to craft a strategy.
- Amazon Redshift an appealing alternative to on-premises data warehouse
  
  Amazon Redshift has intriguing pricing and features, but beware of its differences from a traditional, on-premises data warehouse.
Data Center
- Data center technologies evolve to meet tomorrow's computing demands
  
  VMware's upcoming public cloud and AMD's 64-bit ARM servers are technologies for the data center that exemplify the changes in the IT industry.
- New data center cooling strategies to improve efficiency, lower costs
  
  Stagnant strategies for data center cooling will keep energy bills climbing ever higher, but a more modern approach can bring them back down to earth.
- Converged systems usher in data center transformation
  
  The rise of converged systems has brought a new level of manageability to the data center, but these integrated offerings have a few drawbacks.
Data Management
- New BI stack tackles data load at Boston Children's Hospital
  
  Boston Children's Hospital upgraded its business intelligence architecture to boost enterprise reporting, a move that also required retraining users.
- Expanded Hadoop use cases will drive need for new enterprise features
  
  With user interest rising, Hadoop vendors are trying to pave a path to higher adoption with add-ons that target issues holding the technology back.
- Jim Goodnight on SAS in-memory analytics and the data scientist
  
  A podcast Q&A with SAS execs Jim Goodnight and Jim Davis looks at big data enablers, including in-memory analytics, and the role of data scientists.
Security
- Using EMET to harden Windows XP and other legacy applications
  
  Expert Michael Cobb details how using EMET, a free tool from Microsoft, can harden Windows XP and other legacy applications.
- Beyond privacy policies: Practical privacy for websites and mobile apps
  
  Posting a privacy policy is not enough. Here's practical advice for privacy on websites and mobile apps.
- Exploit kits evolved: How to defend against the latest attack toolkits
  
  Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.

All Rights Reserved,Copyright 2009 - 2013, TechTarget