PCI compliance checklist
- 09 September, 2011 13:57
If your business is obliged to undertake a PCI audit, then following a PCI compliance checklist will ensure that your security processes and payment processing meet the compliance standards. To ensure that you are meeting PCI compliance standards, you'll need to start by looking at what exactly PCI compliance means.
PCI (Payment Card Industry) compliance means that your business operates within the standards set by the industry's governing body, the PCI Security Standards Council (PCI SSC). PCI security is about protecting customers when processing and storing information on transactions carried out using credit or debit cards.
With changes in the way that cards are used, such as online purchases and changes in point-of-sale technology, there has been a growing number of opportunities for credit cards to be compromised. As a result, the need for businesses to remain PCI compliant has become essential in order to safeguard credit card use.
By adhering to the standards set out by the industry, being PCI compliant will reduce the risk of a security breach resulting in the misuse of customers’ data and credit card information.
PCI compliance is required by all merchants — whether large or small — and it includes compliance for online transactions whereby credit card details such as card numbers, expiration dates and other security codes are transmitted online.
The following 12 components form part of the PCI compliance checklist outlined by the PCI Security Standards Council. This checklist aims to establish and maintain a secure, impenetrable network, focusing on the security of payment brand users.
- Install and keep updated a firewall between the public network and the payment card data
- Change vendor-supplied passwords that come with network and payment processing equipment
- Protect any customer data stored for business purposes or regulatory purposes
- Encrypt all transmissions of customer data over any public network
- Maintain antivirus software on all of your computers
- Deploy only secure card processing applications and systems
- Limit access to the customer payment data to as few people as possible, on a “need-to-know” basis within your business
- Use building entry authentication, such as visitor and employee badges with identification, to limit access to stored data
- Keep restricted physical access to business computers and customer data
- Regularly test security applications and any PCI security processes that you have in place
- Keep all employees informed about your information security policies
Generally, businesses will implement the necessary security measures to ensure these requirements are adhered to. Carrying out a self-evaluation of PCI security processes will help to ensure that your business is providing a secure environment and protecting customer data efficiently.
Maintaining a high level of security is preferable to falling foul of a security breach and then having to go through an expensive process of re-establishing accounts; not to mention the potential loss of customers if your business caused customer card details to be leaked.
Following the guidelines in the PCI compliance checklist will provide customers with security and peace of mind when dealing with your business. It will also help you to develop appropriate processes and procedures for the handling of card data and customer information.
If you're confused about how to get started with this process, then contracting a qualified assessment firm can help you to pinpoint any areas of improvement in your existing security policies.
Recommended reading:
PCI compliance services in Australia
PCI compliance requirements for Aussie businesses
Understanding PCI compliance auditing