What is PCI Compliance?
Due to growing concerns with credit card fraud and widely publicized security breaches involving cardholder data, the credit card industry established new standards called Payment Card Industry Data Security Standards (PCI DSS but often referred to as just PCI compliance).
These requirements cover a wide assortment of practices, technology, and systems and can be very complex to understand, let alone comply with. Primarily they relate to how your organization handles, stores and transmits cardholder data. Here are a few of the most important elements:
- Never store CVV2 data (the 3-digit code on the back of cards) or magnetic strip data
- If credit card numbers need to be stored or transmitted, they should generally be encrypted with at least 128-bit encryption.
- Restrict access to physical and electronic cardholder data with user specific passwords and based on business need-to-know.
More complete information on the PCI DSS can be found at www.pcisecuritystandards.org