Getting Started - Becoming PCI Compliant
What is PCI DSS
So what exactly is PCI DSS, and why should your organization care? Let's start with the basic definition and then dive into more detail. "The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands." Source: Wikipedia (http://en.wikipedia.org/wiki/PCI_DSS)
PCI DSS History
The first PCI Data Security Standard was created by Visa, MasterCard, American Express, Discover and JCB on December 15th, 2004. Since then, several revisions have been made to the standard; the current version is 1.2.1, which was released in August 2009. The standard will continue to evolve over time (Hosted PCI is committed to maintaining its systems in constant compliance with the latest standards). For a complete history of PCI DSS, click here.
Typical Path to PCI DSS Compliance
All companies and organizations that deal with credit card information must adhere to PCI DSS. If your company takes credit card payments online or through a call center, PCI DSS is a must.
Here are the basic goals the PCI DSS tries to achieve:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
These 6 objectives may sound straightforward at first, but when you dig deeper into the standard, the 12-section SAQ (Self-Assessment Questionnaire) can become fairly complicated. There are over 200 questions to answer in the SAQ, and failing only one of them could put your PCI compliance status at risk. Download the SAQ here to take a look.
The Hosted PCI Simplified Path
PCI compliance doesn't have to be so difficult. We created HostedPCI to make compliance a straightforward task. At the heart of all of the HostedPCI modules is the Payment Vault, which includes our Tokenization technology. If you accept credit card data online, take a look at the Checkout Express Edition. For call and contact centers, HostedPCI offers the Call Center Edition.