What is PCI Compliance? | PCI DSS
NuArx can help.
What is PCI Compliance?
PCI compliance involves adhering to the Payment Card Industry Data Security Standard (PCI DSS), a set of 12 requirements (and hundreds of sub-requirements) set by the PCI Security Standards Council (PCI SSC). At its heart, PCI compliance requires all companies involved with credit card information to maintain a secure environment to protect cardholder data.
What is the PCI SSC?
The Payment Card Industry Security Standards Council (PCI SSC) was created by the five card brands. The PCI SSC created the PCI DSS and is now the governing body for the standard. The PCI DSS layers security from start to end. It serves four levels of merchants and two levels of service providers. The PCI SSC updates the PCI DSS every three years.
All merchants that accept credit cards must comply with these requirements on an ongoing basis. This is done to ensure that you are helping to protect your customers’ payment card information throughout every transaction.
There are three ongoing, common-sense steps for adhering to the PCI DSS:
- Assess: Identify cardholder data, take an inventory of your IT assets and business processes for payment card processing. Analyze them for vulnerabilities that could expose cardholder data.
- Remediate: Fix vulnerabilities and do not store cardholder data unless you need it.
- Report: Compile and submit required remediation validation records (if applicable). Submit compliance reports to the acquiring bank and card brands you do business with.
Our approach to PCI compliance support:
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials, as well as maintaining a public list of Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) to help merchants in their compliance efforts.
NuArx is certified as a QSA and ASV by the PCI Security Standards Council.
Are you currently PCI compliant?
PCI DSS is a set of 12 requirements (and hundreds of sub-requirements) set by the PCI Security Standards Council (PCI SSC) and enforced by the payment card brands to protect cardholder data. All merchants that accept credit cards must comply with these requirements on an ongoing basis. This is done to ensure that you are helping to protect your customers’ payment card information throughout every transaction and that they, and you, are protected against the financial devastation of a data breach.