PCI compliance
What is PCI compliance?
PCI (Payment Card Industry) compliance means meeting a security standard that helps merchants protect credit card data, both online and offline, for all types of credit cards. The standard itself is the PCI Data Security Standard (PCI DSS); following it helps protect consumers against identity theft as well as credit card data theft. The PCI Security Standards Council (PCI SSC) developed the standard so that there would be one common baseline for cardholder data protection.
Making your business PCI compliant does not guarantee that the credit card data your business collects is safe from theft. However, each step taken toward PCI compliance adds another layer of protection.
PCI compliance is not required by US federal law, but some state laws require it.
PCI compliance requirements
The 12 requirements for PCI compliance are organized according to the six objectives below. For details of the 12 requirements, see the PCI Security Standards Council website.
- Install and maintain a firewall.
- Protect cardholder data.
- Maintain a vulnerability management program.
- Implement strong access control measures.
- Regularly monitor and test networks.
- Maintain a policy that addresses information security.
PCI compliance and web hosting
Some web hosting providers offer PCI compliance as a service. When choosing a web host that offers PCI compliance, check exactly what the provider is offering. The company may guarantee that its servers meet PCI compliance standards or that it runs PCI vulnerability scans, for example. Other web hosts may offer more or fewer PCI compliance services. It is important to be aware of what the web host does not provide as well as what it does provide.
No matter how good a web host's PCI compliance services are, e-commerce merchants still need to take some steps on their own. Maintaining a policy that addresses information security, for example, involves all company staff who have access to credit card data.
Web Hosting Wiki article text shared under a Creative Commons License.
