BTerrell Group Blog

PCI Compliance - What You Should Know

Posted by Jeannette Grand on Fri, Jan 29, 2010

Requirements established by the five major credit card networks may affect your ability to accept credit cards. Referred to as the Payment Card Industry Data Security Standards (PCI-DSS), they impose new requirements for merchants to follow, and they may apply to you. If so, you must comply by July 1, 2010, or risk losing the ability to process credit cards.

PCI-DSS is a security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures at a merchant location. This comprehensive standard is intended to help organizations proactively protect customer account data.

There are 12 requirements that fall into these six categories:

1. Build and Maintain a Secure Network: Install and maintain a firewall, and use unique, high-security passwords, taking special care to replace vendor default passwords.

2. Protect Cardholder Data: Whenever possible, cardholder data must not be stored. You must also encrypt any cardholder data passed across public networks, including data handled by your shopping cart and Web-hosting providers.

3. Maintain a Vulnerability Management Program: Use anti-virus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure the payment applications you use are compliant (see www.visa.com/pabp).

4. Implement Strong Access Control Measures: Access to cardholder data - both electronic and physical - should be on a "need-to-know" basis. Ensure each person with access has a unique ID and password. Do not share logon information.

5. Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes, including firewalls, patches, and anti-virus.

6. Maintain an Information Security Policy: It's critical that your organization has a resource responsible for governing your company's data security. Ensure you have a written policy and that it is disseminated and updated regularly.

Find out what your company needs to do to meet the new PCI-DSS standards - take this Self-Assessment today.

To protect you and your customers from credit card fraud, any previously collected credit card data you may be storing within your accounting system must be removed. To find out more, please contact Brian Terrell at 214-647-2611, ext. 101.