PCI DSS requirements

The PCI Security Standards Council has established twelve high-level PCI DSS requirements with which all merchants must comply.

“Element has been a huge help when it comes to PCI DSS compliance. Their experts are available to help us understand how to meet these requirements and protect our business.”

Chris Boyle, President, Proactive Services

The Payment Card Industry Data Security Standard, or PCI DSS for short, is a set of requirements that all businesses—regardless of size—must adhere to in order to accept payment cards. The purpose is to ensure the security of cardholder data and to help prevent credit card fraud, hacking, and other security issues. It is enforced by the major credit card companies that make up the Payment Card Industry Security Council—American Express, Discover, JCB, MasterCard and Visa.

PCI DSS Requirements

The twelve PCI DSS requirements catalog best practices that businesses should follow when handling customers’ payment cards or payment card information. They are broken down into six different categories:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

The first version of PCI DSS was introduced in September 2006. At that time, the PCI Security Standards Council (PCI SSC) established a continual two-year cycle of review and revision of PCI DSS. This fall, the PCI SSC released PCI DSS Version 2.0, which included clarifications of existing requirements, additional guidance, and minor changes to evolving PCI DSS requirements. Any merchant submitting a report of PCI DSS compliance after December 31, 2010 must comply with PCI DSS Version 2.0.

Merchants fall under four categories of PCI compliance, depending on the number of transactions they process each year, and whether those transactions are performed from a brick and mortar location or over the Internet. All merchants that process credit cards—whether small or large—must be PCI compliant.

Element Payment Services is on the board of the PCI Security Standards Council and is equipped to help you understand and comply with PCI DSS, whether you are a software provider or a merchant.

To learn more about PCI DSS requirements, download our PCI DSS white paper or our PCI Compliance Guide.

Element Payment Services, Inc., a Vantiv Company, is a registered ISO/MSP of Fifth Third Bank, Cincinnati, OH. |  © 2014 Element Payment Services, Inc.