What Is PCI Compliance?

PCI is an information security standard for organizations that handle credit card payments. It seeks to ensure that all businesses processing, storing, or transmitting any cardholder information do so in a secure environment.

We have recently witnessed a tremendous surge in cyber crimes in the financial sector; credit card fraud has gone up by over 160%. What does this mean for your Minnesota business? It’s either bad cyber actors have upped their game, or you have lowered down your cybersecurity guards. Whatever the case, the credit card industry is faced with a potential cybersecurity crisis — unless we institute urgent interventions.

In this article, we will look at how PCI compliance can help you secure your clients’ cardholder credentials’ integrity and privacy. On-Site Computers is Minnesota’s top IT company, with almost three decades of tested and proven hyper professional IT solutions.

Here’s an introductory video to get us started:

YouTube video

What Exactly Is PCI DSS?

The Payment Card Industry Data Security Standards (PCI DSS) is a set of regulations for organizations that handle credit card information. It’s an initiative of major card payment brands — MasterCard, Visa, American Express, Discover, and JCB. They jointly established an independent body, the PCI Security Standards Council (PCI SSC), to administer and manage data security standards for merchants that use their services.

While it’s PCI SSC that develops PCI DSS, the Standard is enforced based on your agreement with individual payment brands and acquirers.

What Are The Requirements For PCI Compliance? The Standard has more than 400 test procedures, which we have summarized into 5 broad areas for clarity:

  1. You must design and maintain a secure network.
  2. You must protect the privacy and integrity of cardholder data.
  3. Develop and maintain reliable systems for managing network vulnerabilities.
  4. Monitor and regularly assess your network for threats.
  5. You must maintain a well-thought-out, responsive information security policy for all your procedures.

PCI DSS compliance requirements vary depending on your business’s size.

For a small business that uses a standalone bank card terminal provided by the payment brand:

  • Your Staff Must Have Unique IDs for Access to Cardholder Data: In case of a data breach, you can always trace individual users based on their logons and login activities.
  • Proper Password Protection for All Systems and Devices With Cardholder Information: Do not use generic passwords supplied by device vendors; cyber attackers can easily compromise them. Instead, implement robust password protection and expiration protocols.
  • Restrict Access to Cardholder Data: Whether they’re stored physically or electronically, strictly limit access to such sensitive information to a ‘need-to-know’ basis. PCI DSS also requires you to have up-to-date records of all access attempts, both granted and denied. Finally, you must have an updated inventory of all the roles that need access to cardholder data.
  • Maintain Written Policies: Mainly on how your business obtains, stores, transmits, and processes cardholder information.

Larger businesses with third-party software or Point-of-Sales systems should have the following additional security measures:

  • You must encrypt all bank card information before transmission.
  • You should regularly assess your network for threats and have a PCI-certified company scan your systems quarterly.
  • Use and maintain antivirus software and firewall around all cardholder databases.

Why Should Your Minnesota Business Be PCI Compliant?

Non-Compliance Is Quite Costly: The payment brands will fine you or even ban your organization from receiving card payments. Besides, PCI defines cardholder information as Personally Identifiable Information. So, a PCI violation qualifies you for a GDPR breach, which attracts penalties of up to $23,400,000. Such circumstances will also gravely tarnish your public image.

However, PCI compliance is not just a PR strategy or a way to evade enforcement actions. As you must have noticed, most PCI compliance requirements are just your standard security protocols designed for specific scenarios. As you implement these measures ‘to be PCI compliant,’ you are equally working on enhancing your cybersecurity status. The truth is your business is the biggest beneficiary.

Organizations in and around Minnesota have been trusting On-Site Computers for PCI compliance and other compliance and IT support services since 1996. Book a Meeting with us now, and speak to one of our professionals about your PCI compliance needs.


Mike Bowe | Published on December 07, 2020