Compliance Glossary

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security guidelines established in 2004 by none other than the major credit card companies like MasterCard, Visa, Discover Financial Services, JCB International, and American Express. To get to know what PCI DSS involves in one go, take a look at the six key goals for compliance with this framework:

• Secure network and systems: This includes the use of strong firewalls and the use of specialized ones for wireless networks. Avoid using vendor-provided authentication models
• Protect cardholder data: Safeguard cardholder information wherever it’s stored, including sensitive data like birthdates, names, and Social Security numbers 
• Vulnerability management: Establish programs to assess and manage risks, guarding against malicious activities like spyware and malware
• Access control: Restrict and manage access to system information and operations. Each user should have a unique and confidential ID 
• Monitor and test networks: Regularly check and test networks to ensure security measures work effectively and stay up to date
• Information security policy: Formulate, maintain, and follow a formal policy

So, who needs to comply with PCI DSS? 

Any business that accepts credit card payments or handles payment card data must adhere to the PCI DSS guidelines. However, it’s not a legal requirement but just an industry standard ensuring card transaction security.