Controls that a company implements to protect its assets and meeting the standards that a third-party has set forth as best practices.
PCI compliance is compliance with The Payment Card Industry Data Security Standard (PCI DSS), a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
Requirements for PCI DSS Compliance
- Use and Maintain Firewalls — Firewalls essentially block access of foreign or unknown entities attempting to access private data. These prevention systems are often the first line of defense against hackers
- Proper Password Protections — — Routers, modems, point of sale (POS) secure systems, and other third-party products often come with generic passwords and security measures easily accessed by the public.
- Encrypt Transmitted Data — Cardholder data is sent across multiple ordinary channels (i.e., payment processors, home office from local stores, etc.).
- Restrict Physical Access — Any cardholder data must be physically kept in a secure location. Both data that is physically written or typed and data that is digitally-kept should be locked in a secure room.