Guide to PCI Compliance
What Is It?
What is PCI Compliance?
Secure payment systems ensure your customers that you can be trusted with their payment information.
PCI Compliance is a standard created by major credit institutions like American Express, Visa, Mastercard, and JCB. It is designed to protect consumer’s financial information from cybercriminals.
Who should be PCI Compliant?
Vendors, Merchants, Service Providers
Anyone who provides goods or services to businesses or consumers and accepts payments via credit card.
The Principles
What does PCI Compliance consist of?
There are 12 data security requirements that every merchant is required to follow. While there are also over 200 sub-requirements, not all of them may apply to your business.
Twelve security requirements of PCI DSS Compliance
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or program
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
A Real World Example
In 2013, Target was subject of a consumer-focused hack that affected customers who shopped at U.S. Target stores between November 27 and December 15.
70 million customer names, credit or debit card numbers, expiration dates and CVVs were involved in the information theft.
Our Approach
Our 4-Step Approach to IT Compliance
1. Compliance Audit
Our team conducts a series of interviews and a network audit to determine data access and usage.
2. Gap Analysis
A gap analysis identifies the missing pieces necessary to achieve compliance.
3. Remediation Plan
A remediation plan is put forth and executed with action steps towards compliance based on priority level.
4. Management
ITonDemand then monitors system usage and provides the service and support to maintain compliance.
Compliance In Action
Florida Manufacturing Firm
A small north Florida manufactures CNC close tolerance machined parts, custom components, and assemblies for the defense sector. Given the sensitive nature of the parts being manufactured, it was vital that communications and manufacturing specifications were secure while organizational infrastructure was put in place and maintained to NIST Compliance.
Contact Us For Support
Nationwide Coverage
Nationwide Coverage + Local Service
ITonDemand delivers nationwide IT services through a network of support centers and offers 24×7 remote assistance
Need More From Your IT Services Provider?
ITonDemand is a division of eResources: your expert partner in digital transformation and growth, providing IT services, software development, marketing and branding. Learn more about the benefits of a vertically-integrated IT services partner.