Payment Card Industry or PCI compliance is adherence to a set of security standards that were developed to protect card information during and after a financial transaction.
PCI applies to all organizations or merchants, regarless of size or number of transactions, that accepts, transmits or stores any cardholder data. This means that if any customer of that organization ever pays for the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.
What are the requirements of PCI Compliance?
The vendor must:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy