
Is your company PCI compliant?

December 4, 2015 blog

(Part 5 in our series on IT Compliance Concerns.)

What is the Payment Card Industry Data Security Standard?

In the first four parts of this series, we discussed SOX compliance (Sarbanes-Oxley or Sarbox) and HIPAA compliance (Health Insurance Portability and Accountability Act) and the Information Technology concerns that arise from them. In this post we'll look at what the Payment Card Industry Data Security Standard (PCI DSS, often just PCI) is and how it can affect your company.

PCI DSS grew out of five separate security programs run by the major card brands: Visa, Mastercard, American Express, Discover, and JCB, a credit card company based in Japan. Each brand was trying to improve protections for storing, processing, and transmitting cardholder data, which left merchants accepting several brands with several overlapping rule sets. On December 15, 2004, the brands released version 1.0 of a single Payment Card Industry Data Security Standard, which is now maintained by the PCI Security Standards Council. The current version, 3.1, was released in April 2015.

Which companies should be concerned about PCI DSS compliance?

PCI DSS is a proprietary standard that applies to any organization, regardless of size, that stores, processes, or transmits cardholder data for Visa, Mastercard, American Express, Discover, or JCB cards. Private label cards (store cards not issued on one of these networks) are not covered by PCI DSS.

What are the penalties for failing to comply with PCI DSS?

Penalties are enforced by the payment brands rather than by a government agency, and they vary. The brands can fine a merchant's acquiring bank anywhere from $5,000 to $100,000 per month for a compliance violation. Banks are likely to pass those fines on to the merchant, and may also raise the merchant's transaction fees or terminate the relationship altogether, either of which can be devastating for a small business.

What does a business need to do to comply with PCI DSS?

Although validation requirements vary with the merchant's level (determined by annual transaction volume), the twelve general requirements are the same for everyone:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Protect all systems against malware and regularly update antivirus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.
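
Requirement 3 is where most IT teams first get tripped up, because full card numbers (PANs) leak into places nobody planned for: application logs, support tickets, spreadsheets. The script below is an added example, not code from Aperio IT or from the PCI Security Standards Council. It shows the two checks behind that requirement: recognizing a PAN (a 13 to 19 digit number that passes the Luhn checksum, which every card from the five brands above does) and masking it to the first six and last four digits, the most PCI DSS allows to be displayed. The log lines it scans are constructed for the example; the card numbers in them are publicly known test numbers, not real accounts.

```python
import re
from typing import List

# Constructed sample log: one real-looking card number per line 1 and 2,
# plus a 16-digit order number and a phone number that must NOT be masked.
SAMPLE_LOG = """\
2015-12-04 10:02:11 order=1234567890123456 pan=4111111111111111 status=approved
2015-12-04 10:03:45 pan=3782 822463 10005 status=declined
2015-12-04 10:04:02 support line 916-568-6830 txn=ok
"""

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
PAN_RE = re.compile(r'(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)')


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) checksum used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_of(match_text: str) -> str:
    return re.sub(r'[ -]', '', match_text)


def _is_pan(digits: str) -> bool:
    return 13 <= len(digits) <= 19 and luhn_valid(digits)


def find_pans(text: str) -> List[str]:
    """Return the digit string of every Luhn-valid candidate in text, in order."""
    return [
        _digits_of(m.group())
        for m in PAN_RE.finditer(text)
        if _is_pan(_digits_of(m.group()))
    ]


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits (PCI DSS 3.1 req. 3.3 maximum)."""
    return digits[:6] + '*' * (len(digits) - 10) + digits[-4:]


def mask_text(text: str) -> str:
    """Replace every PAN in text with its masked form; leave other numbers alone.

    Separators inside a matched PAN are dropped in the masked output.
    """
    def repl(m: "re.Match") -> str:
        digits = _digits_of(m.group())
        return mask_pan(digits) if _is_pan(digits) else m.group()
    return PAN_RE.sub(repl, text)


if __name__ == "__main__":
    print("PANs found:", find_pans(SAMPLE_LOG))
    print(mask_text(SAMPLE_LOG))
```

Run it against a real log directory and any hit is a finding: the fix is not just to mask the existing file but to stop the application writing the PAN in the first place, since a masked copy beside an unmasked backup still fails requirement 3. Note that the Luhn check only filters out obvious non-card numbers; a 16-digit order number that happens to pass Luhn would still be flagged, so treat hits as candidates for review.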

These requirements naturally mean challenges for your IT department. They may have to implement new security measures or enforce existing ones more strictly. (We will discuss this in more detail in the next part of our series on IT compliance concerns.)

Coming soon: Part 6 in our series on IT Compliance Concerns, “What Does My IT Team Need to Know About PCI DSS Compliance?”

To learn more about PCI DSS and related issues:

  • View the PCI Standards and Documents.
  • Frequently Asked Questions for PCI DSS.

Other posts in this series:

  • Part 1: Making Sure Your Business is SOX Compliant
  • Part 2: What Does Your IT Team Need to Know About SOX Compliance?
  • Part 3: What Does HIPAA Mean?
  • Part 4: HIPAA Compliance and Your IT Team