COMPLIANCE

The Payment Card Industry Data Security Standard

Secure Your Transactions with Confidence: Our commitment to PCI Compliance ensures the safety of your customers’ data, streamlining your business operations and reinforcing trust in your brand.

PCI Security Stands Council

PCI Compliance Guidelines (Requirements) for Merchants

Familiarize yourself with key merchant requirements, such as firewall maintenance, password protection, data security, and vulnerability scanning. Understand your responsibilities for maintaining records, completing attestations, and ensuring compliance with legal requirements.

Use and Maintain Firewall

Safeguard your network with a strong firewall to prevent unauthorized access.

Password Protections

Implement secure password practices to defend against potential security breaches.

Protect Cardholder Data

Ensure sensitive data is encrypted and securely stored to maintain customer trust.

Maintain Anti-Virus

Deploy up-to-date anti-virus software to safeguard against malware and cyber threats.

Updated Software

Regularly update software to fix vulnerabilities and enhance overall security.

Restrict Data Access

Control access to sensitive information by granting privileges on a need-to-know basis.

Fix Vulnerabilities

Periodically examine systems for weaknesses and address them promptly.

ASV Scans & Responsibilities

Learn about the importance of ASV scan schedules and guidelines for maintaining PCI Compliance. Understand your organization’s duties, including recordkeeping, attestation, and certification submissions, which are crucial for a secure and compliant business environment.

ASV Scan Frequency & Best Practices

Establish an internal process to guarantee ASV scans take place and pass every 90 days. Additionally, after implementing changes in a scanned environment within this 90-day timeframe, perform a new scan to ensure that no new security vulnerabilities have been introduced. This approach helps maintain a secure environment and mitigates potential risks associated with system changes.

Merchant’s Compliance Responsibilities

Your company is responsible for storing and maintaining Attestation of Scan Compliance documents and completing the attestation process. You must also submit scan details for ASV certification (applicable to vendors handling both PCI and non-PCI scanning). Compliance is a legal requirement tied to your internal infrastructure, policies, procedures, and employee training; thus, external entities cannot attest to your compliance.