(PCI DSS) is simply a set of 12 requirements created by the major card brands to help fight fraud and ensure that cardholder data is kept safe. Compliance is required by all merchants accepting the major credit cards (Visa, MasterCard, Discover, AMEX, JCB).  It does not matter how large or small your company is.  All businesses must follow the PCI-DSS security standards to ensure the protection of vital cardholder data.

"PCI was formed to help protect your business from potential data breaches and hackers"

What is sensitive data?

What do I need to do to get validated?

  1. Self Assessment Questionnaire (SAQ)
  2. Quarterly Vulnerability Scanning, if applicable
    1. Outward facing IP Address
    2. Internet/Ethernet Connectivity
    3. VoIP Ex. Vonage, Magick Jack

What is the Self Assessment Questionnaire?

The “SAQ” is a tool for businesses who are not required to do on-site assessments for PCI DSS compliance.

What is Vulnerability Scanning?

Picture
Vulnerability scanning is required for any merchant who processes credit cards through a public facing IP address.  This will scan your system for any vulnerabilities that could be used by a hacker.
Visit these sites for additional information about PCI.

PCI Security Standards Council- http://www.pcisecuritystandards.org/
VISA’s CISP Program – http://usa.visa.com/merchants/risk_management/cisp.html
VISA’s Business Guide to Security –http://usa.visa.com/merchants/risk_management/data_security_demo/popup.html?popupwindow

MasterCard – http://www.mastercard.com/us/sdp/index.html
American Express (Merchants) – http://www.americanexpress.com/merchant
Federal Trade Commission – http://www.ftc.gov/infosecurity/