PCI compliance (payment card industry compliance)

Payment card industry (PCI) compliance is adherence to a set of specific security standards that were developed to protect card information during and after a financial transaction. PCI compliance is required by all card brands.

There are six main requirements for PCI compliance. The vendor must:

1. Build and maintain a secure network

- Install and maintain a firewall configuration to protect cardholder data.
- Not use vendor-supplied defaults for system passwords and other security parameters.
 

2. Protect cardholder data

- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
 

3. Maintain a vulnerability management program

- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
 

4. Implement strong access control measures

- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
 

5. Regularly monitor and test networks

- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
 

6. Maintain an information security policy

- Maintain a policy that addresses information security.

This was first published in September 2009
