Contact us to switch to Element and learn how cost-effective, PCI-DSS compliant payment processing can be. A program representative will contact you within 24 hours.

The PCI Security Standards Council has established twelve high-level PCI DSS requirements, which all merchants must comply.

Element has been a huge help when it comes to PCI DSS compliance. Their experts are available to help us understand how to meet these requirements and protect our business.”

– Chris Boyle, President, Proactive Services

The Payment Card Industry Data Security Standard, or PCI DSS for short, is a set of requirements that all businesses—regardless of size—must adhere to in order to accept payment cards. The purpose is to ensure the security of cardholder data and to help prevent credit card fraud, hacking, and other security issues. It is enforced by the major credit card companies that make up the Payment Card Industry Security Council—American Express, Discover, JCB, MasterCard and Visa.

PCI DSS Requirements

The twelve PCI DSS requirements catalog best practices that businesses should follow when handling customers’ payment cards or payment card information. They are broken down into six different categories:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

The first version of PCI DSS was introduced in September 2006. At this time, the PCI Security Standards Council established a continual two year cycle of review and revision of PCI DSS. Accordingly, in October 2008 a second version was released with minor changes and clarifications. The first version will not be in effect until after December 31, 2008.

Merchants fall under four categories of PCI compliance, depending on the number of transactions they process each year, and whether those transactions are performed from a brick and mortar location or over the Internet. All merchants that process credit cards—whether small or large—must be PCI compliant.

Element Payment Services is on the board of the PCI Security Standards Council and is equipped to help you understand and comply with PCI DSS, whether you are a software provider or a merchant.

To learn more about PCI DSS Requirements, download our PCI DSS white paper.

Element Payment Services Inc. is a registered ISO/MSP with First National Bank of Omaha. © 2010 Element Payment Services, Inc.
Website updated on: 2/9/2010

About Element | Contact Element | Sitemap | Terms and Conditions | 1.866.435.3636 x721