PCI Compliance Standards

Introduction to PCI

The Payment Card Industry Data Security Standard, better known as PCI DSS (or simply PCI), is a set of security requirements maintained by the PCI Security Standards Council, which was founded by the major payment card brands (Visa, MasterCard, Discover, American Express, and JCB). Its purpose is to help companies and organizations that accept payment cards prevent card fraud and breaches of cardholder data. Any organization that processes, stores, or transmits cardholder data (primary account numbers and the account data associated with them) is required by the card brands to comply with PCI DSS. Organizations that fail to comply may lose the ability to accept payment cards as a form of payment.

The Requirements of PCI

PCI DSS consists of 12 specific requirements, arranged into six control objectives (the general goals of the standard). The control objectives and requirements are outlined below, using the wording of PCI DSS version 3.1. Each will be discussed in detail on the next several pages.

Control Objective 1: Build and maintain a secure network.

Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.


Control Objective 2: Protect cardholder data.

Requirement 3: Protect stored cardholder data.

Requirement 4: Encrypt transmission of cardholder data across open, public networks.


Control Objective 3: Maintain a vulnerability management program.

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs.

Requirement 6: Develop and maintain secure systems and applications.


Control Objective 4: Implement strong access control measures.

Requirement 7: Restrict access to cardholder data by business need-to-know.

Requirement 8: Identify and authenticate access to system components.

Requirement 9: Restrict physical access to cardholder data.


Control Objective 5: Regularly monitor and test networks.

Requirement 10: Track and monitor all access to network resources and cardholder data.

Requirement 11: Regularly test security systems and processes.


Control Objective 6: Maintain an information security policy.

Requirement 12: Maintain a policy that addresses information security for all personnel.


Related PCI documents:

PCI DSS rocks (video)

PCI DSS Requirements and Security Assessment Procedures (PDF)

PCI DSS Data Storage Do's and Don'ts (PDF)

PCI DSS Quick Reference Guide (Data Security Standard Version 3.1) (PDF)
