eCommerce Security

PCI DSS Compliance: What Every Online Merchant Needs to Know

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect cardholder data. Any business that stores, processes, or transmits payment card data (credit or debit) must comply with PCI DSS, regardless of size or transaction volume; the obligation comes from the merchant's agreement with its acquiring bank, not from a law, but the card brands enforce it through fines and, ultimately, loss of the ability to accept cards.

The Six Goals and Twelve Requirements

PCI DSS contains twelve requirements, grouped under six goals. The goals, with the requirements each one covers:

Build and Maintain a Secure Network and Systems: install and maintain network security controls (firewalls), and change vendor-supplied default passwords and settings before a system goes live.
Protect Cardholder Data: protect stored account data (store as little as possible, never store the CVV after authorization, and render the stored PAN unreadable by truncation, tokenization, hashing or strong encryption), and encrypt cardholder data with strong cryptography whenever it crosses open, public networks such as the internet.
Maintain a Vulnerability Management Program: protect all systems against malware with current anti-malware software, and develop and maintain secure systems and applications, including timely patching.
Implement Strong Access Control Measures: restrict access to cardholder data on a business need-to-know basis, assign a unique ID to every person with computer access and authenticate them (multi-factor for access into the cardholder data environment), and restrict physical access to cardholder data.
Regularly Monitor and Test Networks: log and monitor all access to network resources and cardholder data, and test security systems and processes regularly (vulnerability scans and penetration tests).
Maintain an Information Security Policy: maintain a policy that addresses information security for all personnel, and keep it current.
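Two of the controls above show up directly in application code: the PAN must be masked when displayed (the BIN, i.e. the first six digits, and the last four are the most that may be shown) and it must never end up in logs, which are outside the protected store and are read by many people. The following Python is an added example written for this article, not code from the page, from oosoft, or from the PCI SSC. It masks a PAN to the permitted form and scrubs candidate card numbers out of log text before it is written, using the Luhn check to avoid redacting ordinary 13-to-19-digit numbers such as order IDs. The log lines are constructed sample data; the card numbers are the well-known Visa and Mastercard test numbers, not real cards.

```python
import re

# PCI DSS masking limit: at most the BIN (first six digits) and last four may be displayed.
BIN_DIGITS = 6
LAST_DIGITS = 4


def luhn_valid(digits: str) -> bool:
    """Luhn check used by all major card brands; rejects random digit runs."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Return the PAN with everything except BIN and last four replaced by '*'."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
        raise ValueError("not a plausible PAN")
    hidden = len(digits) - BIN_DIGITS - LAST_DIGITS
    return digits[:BIN_DIGITS] + "*" * hidden + digits[-LAST_DIGITS:]


# 13 to 19 digits, optionally separated by single spaces or dashes,
# not adjacent to further digits (so a 20-digit run is not a candidate).
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def redact_pans(text: str) -> tuple[str, int]:
    """Mask every Luhn-valid card number in text; return (scrubbed text, count)."""
    count = 0

    def repl(m: re.Match) -> str:
        nonlocal count
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_valid(digits):
            count += 1
            return mask_pan(digits)
        return m.group(0)       # order IDs, timestamps etc. are left alone

    return _PAN_CANDIDATE.sub(repl, text), count


# Constructed sample log lines (hypothetical application output).
SAMPLE_LOG = [
    "2024-03-02T10:15:01Z INFO checkout order=1234567890123456 amount=49.99",
    "2024-03-02T10:15:02Z DEBUG gateway request pan=4111111111111111 exp=12/26",
    '2024-03-02T10:15:03Z WARN retry card "5555 5555 5555 4444" declined',
]

if __name__ == "__main__":
    scrubbed, n = redact_pans("\n".join(SAMPLE_LOG))
    print(f"redacted {n} PAN(s):")
    print(scrubbed)
```

The order ID on the first line is sixteen digits but fails Luhn, so it survives; the two real-looking card numbers are reduced to `411111******1111` and `555555******4444`. The candidate regex is greedy, so a PAN immediately followed by another space-separated number can be swallowed into one Luhn-failing candidate; a production scrubber should also try shorter sub-spans, and the scrubbing belongs in the logging layer so developers cannot bypass it. None of this is a substitute for keeping the PAN out of the application in the first place.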

Compliance Levels

Merchant levels are set by the card brands, not by the standard itself, and are based on annual transaction volume; the thresholds below follow Visa and Mastercard, and other brands differ slightly. Level 1 applies to merchants processing more than six million transactions a year and requires an annual on-site assessment by a Qualified Security Assessor, documented in a Report on Compliance. Levels 2 through 4 (progressively smaller volumes) typically validate with an annual Self-Assessment Questionnaire instead, and all levels with internet-facing systems in scope must pass quarterly external vulnerability scans by an Approved Scanning Vendor. The level changes how compliance is validated, not which requirements apply: the controls are the same for every merchant. What does reduce the burden is scope. A merchant whose checkout hands card entry to a PCI-validated payment processor (a redirect or a processor-hosted payment page) and never stores, processes or transmits card data on its own systems qualifies for the shortest questionnaire (SAQ A); one that handles the PAN on its own servers faces the full questionnaire and every requirement above.

At oosoft, we build eCommerce solutions with PCI compliance in mind from the start. Contact us at oosoft.co.in/contact-us.
