What is PCI Compliance?
The major credit card issuers created PCI (Payment Card Industry) compliance standards to ensure that all companies that process, store or transmit credit card information maintain a secure environment. This set of requirements is called the Payment Card Industry Data Security Standard (PCI DSS). All merchants (any entity that accepts payment cards from American Express, Discover, JCB, MasterCard or Visa as payment for goods and/or services) must comply with these standards. Failure to meet compliance standards can result in fines from credit card companies and banks and even the loss of the ability to process credit cards. The payment brands and acquirers are responsible for enforcing compliance, not the PCI council.
The Payment Card Industry Security Standards Council (PCI SSC) manages the PCI security standards.
For merchants, adherence to the PCI standard means they must:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Auric Systems International has created a companion web site (www.PCIstandard.com) containing in-depth PCI information for our merchants.
Auric builds payment card transaction software designed for use in PCI compliant enterprises. Security is an ongoing process, and Auric continues to improve our full compliance with Visa's Payment Application Best Practices guidelines, which are derived from the PCI standard. Auric continues to provide software security features and information to support our merchants' ability to comply with PCI requirements.
The goal of the Visa Payment Application Best Practices (PABP) program is to guide developers in the creation of secure applications.
Secure application development follows Payment Application Best Practices, including:
- Do not retain full magnetic stripe or CVV2 data
- Protect stored data
- Provide secure password features
- Log application activity
- Protect wireless transmissions
- Test applications to address vulnerabilities
- Implement secure network communication
- Never store cardholder data on a server connected to the Internet
- Facilitate secure remote software updates
- Facilitate secure remote access to the application
- Encrypt all non-console administrative access
- Encrypt sensitive traffic over public networks
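As an added illustration of three of the practices above (not retaining track or CVV2 data, protecting stored data, and logging application activity), the following Python routine is example code written for this page, not Auric's or the PABP program's own. It drops sensitive authentication data from an authorised transaction before storage, masks the PAN to first six and last four digits, and scrubs Luhn-valid PANs from log lines; the field names and the sample record are constructed.

```python
import re
from typing import Any

# Sensitive authentication data: PABP/PCI DSS forbid retaining these after
# authorisation, so they are dropped rather than encrypted. (Assumed field names.)
SENSITIVE_AUTH_FIELDS = {"track1", "track2", "cvv2", "pin_block"}

# Any 13-19 digit run is a PAN candidate; the Luhn check filters out the rest.
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to tell a real PAN from an arbitrary digit run."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits (PCI DSS masking rule)."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13:
        raise ValueError("PAN too short")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def storage_safe(record: dict[str, Any]) -> dict[str, Any]:
    """Copy of an authorised transaction with no sensitive authentication
    data retained and the PAN masked, suitable for persistence."""
    safe = {k: v for k, v in record.items() if k not in SENSITIVE_AUTH_FIELDS}
    if "pan" in safe:
        safe["pan"] = mask_pan(safe["pan"])
    return safe


def scrub_log_line(line: str) -> str:
    """Replace every Luhn-valid PAN in a log line with its masked form so that
    application logging never writes a full card number to disk."""
    return PAN_RE.sub(
        lambda m: mask_pan(m.group(0)) if luhn_valid(m.group(0)) else m.group(0),
        line,
    )


# Constructed sample: a card-present authorisation as the terminal returned it.
SAMPLE_TXN = {
    "pan": "4111 1111 1111 1111",
    "track2": ";4111111111111111=27121011000012345?",
    "cvv2": "123",
    "expiry": "2712",
    "amount": "19.99",
    "auth_code": "A1B2C3",
}
```

The 13-digit reference number in a log line is left intact because it fails the Luhn check, while the PAN beside it is masked.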