PCI compliance checklist

The PCI Security Standards Council sets out 12 requirements, which together form the PCI compliance checklist

If your business is obliged to undergo a PCI audit, then following a PCI compliance checklist helps ensure that your security processes and payment processing meet the standard. To make sure you are meeting PCI compliance requirements, start by looking at what "PCI compliant" actually means.

PCI (Payment Card Industry) compliance means that your business operates within the PCI Data Security Standard (PCI DSS) set by the industry's governing body, the PCI Security Standards Council (PCI SSC). PCI security is about protecting customers' cardholder data whenever transactions made with credit or debit cards are processed, transmitted or stored.

See What is PCI compliance?

With changes in the way that cards are used, such as online purchases and new point-of-sale technology, the opportunities for card data to be compromised have grown. As a result, remaining PCI compliant has become essential for any business that wants to safeguard its customers' card use.

By adhering to the standard, a PCI compliant business reduces the risk of a security breach that leads to the misuse of customers' data and card details.

PCI compliance is required of all merchants that store, process or transmit cardholder data, whether large or small. It covers online transactions too, where card details such as the card number, expiry date and security code are transmitted over the internet.

The following 12 requirements form the PCI compliance checklist set out by the PCI Security Standards Council in the PCI DSS. Together they aim to build and maintain a secure network and protect the cardholder data of the payment brands' customers.

  • Install and maintain a firewall between public networks and the systems that store or process payment card data
  • Change vendor-supplied default passwords and other default security settings on network and payment processing equipment
  • Protect any cardholder data stored for business or regulatory purposes
  • Encrypt all transmissions of cardholder data over open, public networks
  • Maintain up-to-date antivirus software on all of your computers
  • Develop, deploy and patch only secure card processing applications and systems
  • Limit access to cardholder data to as few people as possible, on a "need-to-know" basis within your business
  • Assign a unique ID to every person with computer access, so that any action on cardholder data can be traced to an individual
  • Restrict physical access to business computers and stored cardholder data, using building entry controls such as visitor and employee identification badges
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and any PCI security processes that you have in place
  • Maintain an information security policy and keep all employees informed about it

Generally, businesses implement the necessary security measures to ensure these requirements are met. Carrying out a self-evaluation of your PCI security processes, for example with the PCI SSC's self-assessment questionnaire, will help to confirm that your business is providing a secure environment and protecting customer data effectively.

Maintaining a high level of security is far preferable to suffering a breach and then having to go through the expensive process of re-issuing compromised cards and re-establishing accounts, not to mention the potential loss of customers if your business is the one that leaked their card details.

Following the PCI compliance checklist gives customers security and peace of mind when dealing with your business. It also helps you to develop appropriate processes and procedures for handling card data and customer information.

If you're unsure how to get started with this process, contracting a qualified assessment firm (a Qualified Security Assessor, or QSA, approved by the PCI SSC) can help you to pinpoint any areas of improvement in your existing security policies.

Recommended reading:
PCI compliance services in Australia
PCI compliance requirements for Aussie businesses
Understanding PCI compliance auditing
