PCI compliance: A 12-step program

Visa has imposed a July 1 deadline for merchants to conform to the PCI Data Security Standard, a set of requirements for enhancing payment account data security developed by the PCI Security Standards Council. Other credit card brands have set similar deadlines for compliance.

If a merchant is not deemed compliant and is consequently breached, it will incur a slew of substantial repercussions, including a bill for the forensic investigation, fines, increased processing rates and a loss of consumer confidence.

“We don’t do this in a vacuum; we do this in conjunction with all the constituents and members of the council, many of which are hotel and motel management companies,” said Bob Russo, GM of the PCI SSC. “We evolve these standards based on their feedback.”

The PCI DSS, a comprehensive set of requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI SSC. Its 12 requirements are:

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need-to-know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.