What is PCI Compliance?
PCI DSS is a set of 12 requirements (and hundreds of sub-requirements) set by the PCI Security Standards Council (PCI SSC) and enforced by the payment card brands to protect cardholder data. All merchants that accept credit cards must comply with these requirements on an ongoing basis. Compliance ensures that you are helping to protect your customers’ payment card information throughout every transaction, and that both they and you are protected against the financial devastation of a data breach.
There are three ongoing, common-sense steps for adhering to the PCI DSS:
- Assess: Identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data.
- Remediate: Fix vulnerabilities and do not store cardholder data unless you need it.
- Report: Compile and submit required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and card brands you do business with.
Our approach to PCI compliance support:
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials, and maintains a public list of Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) to help merchants in their compliance efforts.
NuArx is certified as a QSA and ASV by the PCI Security Standards Council.