If you process, store or transmit credit card payments, your organisation must become PCI DSS (Payment Card Industry Data Security Standard) compliant.
PCI DSS provides mandated guidelines for storing cardholder details, including credit card number, cardholder name and card expiry date.
Visa and MasterCard® have developed PCI DSS for organisations processing credit card payments. It's designed to prevent credit card fraud due to hacking and other misuse of cardholder details.
The level of compliance for your business depends on the number of transactions you are processing (or expect to process).
PCI best practices
The key practices you need to follow are:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain a policy that addresses information security
Achieving PCI Compliance
The objective of PCI DSS is for you to become 'PCI compliant'. Depending on the volume and type of transactions you process, it may be mandatory for you to complete a program conducted by a qualified independent scan vendor such as ScanAlert.
MasterCard® is a registered trademark of MasterCard Worldwide 1994-2010.