Payment card industry (PCI) compliance is adherence to a set of specific security standards that were developed to protect card information during and after a financial transaction. PCI compliance is required by all card brands.
There are six main requirements for PCI compliance. The vendor must:
1. Build and maintain a secure network
   - Install and maintain a firewall configuration to protect cardholder data.
   - Not use vendor-supplied defaults for system passwords and other security parameters.
2. Protect cardholder data
   - Protect stored cardholder data.
   - Encrypt transmission of cardholder data across open, public networks.
3. Maintain a vulnerability management program
   - Use and regularly update anti-virus software.
   - Develop and maintain secure systems and applications.
4. Implement strong access control measures
   - Restrict access to cardholder data by business need-to-know.
   - Assign a unique ID to each person with computer access.
   - Restrict physical access to cardholder data.
5. Regularly monitor and test networks
   - Track and monitor all access to network resources and cardholder data.
   - Regularly test security systems and processes.
6. Maintain an information security policy
   - Maintain a policy that addresses information security.
Learn More
Learn why looking at PCI compliance as a checkbox project is not a good idea.
Jeremy Needle, a security consultant at Katana InfoTech, has an excellent introduction to PCI compliance.
Learn more about industry-specific requirements for compliance.

Last updated: 23 Sep 2009