Retail PCI Compliance
The Payment Card Industry Data Security Standard, commonly known as the PCI DSS, was created with the sole purpose of securing and protecting cardholder data. Complying with this standard is mandatory for any business that stores, processes or transmits payment cardholder data. Demonstrating PCI compliance goes well beyond simply having a PA-DSS validated payment processing application. Retail merchants are directly responsible for ensuring that they meet ALL requirements of the PCI DSS and for reporting their compliance status. To prove compliance, at the very least, retail businesses are required to complete the PCI Self-Assessment Questionnaire (SAQ) on an annual basis and engage an Approved Scanning Vendor (ASV) to perform quarterly security scans on their infrastructure.
The PCI Data Security Standard has six main goals with twelve associated requirements. Below is an overview of each of the six main goals. Please refer to the PCI Security Standards Council website, www.pcisecurity.standards.org, for a full outline of the PCI Data Security Standard.
