What does it mean to be PCI compliant?
Payment security is paramount for every merchant, financial institution or other entity that stores, processes or transmits cardholder data.
The PCI Data Security Standards help protect the safety of that data. They set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.
Maintaining payment security is serious business. It is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards.
What is PCI DSS?
The PCI DSS details security requirements for merchants and service providers that store, process, or transmit cardholder data. To demonstrate compliance with the PCI DSS, merchants and service providers may be required to have periodic PCI Security Scans conducted as defined by each payment card company.
Who needs to think about PCI compliance?
If you accept or process payment cards, the PCI Data Security Standards apply to you.
These standards cover technical and operational system components included in, or connected to, cardholder data.
Where can I perform a scan? Who are the approved scanning vendors?
An ASV is an organization with a set of security services and tools (“ASV scan solution”) to conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.2.2. The scanning vendor’s ASV scan solution is tested and approved by PCI SSC before an ASV is added to PCI SSC’s List of Approved Scanning Vendors.
Find an Approved Scanning Vendor Company by clicking on PCI ASV.
What are the PCI scanning procedures and where can I find how to interpret the reports?
You can read all about it by clicking Payment Card Industry (PCI) Data Security Standard.
Who can assist with all other requirements of the PCI DSS?
You must approach a Qualified Security Assessor (QSA). QSA companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS.
You can find the list of certified QSAs here.