PCI compliance (payment card industry compliance) definition

Payment card industry (PCI) compliance is adherence to the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements maintained by the PCI Security Standards Council and developed to protect cardholder data during and after a payment transaction. PCI compliance is required by all the major card brands for any merchant or service provider that stores, processes or transmits cardholder data.

PCI DSS groups its 12 requirements under six control objectives. Any merchant or service provider that handles cardholder data must:

1. Build and maintain a secure network

- Install and maintain a firewall configuration to protect cardholder data.
- Not use vendor-supplied defaults for system passwords and other security parameters.

2. Protect cardholder data

- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.

3. Maintain a vulnerability management program

- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.

4. Implement strong access control measures

- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.

5. Regularly monitor and test networks

- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.

6. Maintain an information security policy

- Maintain a policy that addresses information security.

This was first published in September 2009
