The first two requirements refer to establishing and keeping a secure network.  It deals with the company’s firewall and network configuration and changing vendor defaults on the software that the company uses.  Requirements three and four deals with protecting encrypted credit card data.  Number three is for encrypting stored data and number four covers the encryption of transmitted data, like sending credit card details over secure channels.  Requirement five ensures that all systems that touch credit card data are running on up to date anti-virus software.  Requirement six covers the Software Development Lifecycle, which is the blueprint for credit card management software and systems.  Requirements seven, eight and 9 are concerned with implementing strong access control measures.  Number seven is limiting card holder data access, number 8 deals with the logical access control and limitations, while number nine is concerned with the physical access to the hardware storage of credit card information.  Requirement numbers ten and eleven deal with the regular monitoring and testing of networks.  The last requirement, number 12, is concerned with the implementation of PCI-DSS Security Policy which addresses all of the other requirements of the PCI-DSS.  This deals with an extensive amount of documentation.

The PCI-DSS is implemented for the protection of all cardholders.  Credit card data should always be safeguarded by merchants and establishments.  They should be aware of the different PCI-DSS requirements and do their share to comply with these security standards.

What, then, determines standard compliance? Apparently, you will have to submit a report to a compliance validation system that runs in the latest variation of PCI DSS. You must fill out the Self-Assessment Questionnaire (SAQ) accurately to be submitted and this report is a form of checklist which the assessor has to review and scrutinized carefully. A helpful validation tool, SAQ is the standard and essential for all merchants. In the event that you have areas or criteria of non-compliance as verified by the assessor, you can essentially work on that to become compliant.

Furthermore, you can now take advantage of the PCI DSS training to advise site owners and other online retailers about this compliance regulations. With no PCI compliance, you as a business owner or as a seller, can’t lawfully accept a plastic card for transaction. In most cases, you may also decide to use the services of a project consultant who is trained for PCI-DSS and can help with the whole process or you can ask for some help from Qualified Service Assessors (QSAs) in the business. Overall, this standard serves as a good reference point for many people to use.