{"id":1257,"date":"2016-06-23T08:00:44","date_gmt":"2016-06-23T12:00:44","guid":{"rendered":"https:\/\/tsisupport.com\/?p=1257"},"modified":"2021-07-07T05:07:48","modified_gmt":"2021-07-07T09:07:48","slug":"pcicompliant","status":"publish","type":"post","link":"https:\/\/tsisupport.com\/tsistaging\/?p=1257","title":{"rendered":"How to Become PCI Compliant: An Informal PCI Compliance Checklist"},"content":{"rendered":"<p style=\"text-align: justify;\">If your business processes credit cards or other forms of electronic payment, it is required to meet the standards established by the Payment Card Industry (PCI).\u00a0 That means not only retailers, but any establishment that accepts card payments at its place of business. \u00a0If you don\u2019t maintain PCI standards for compliance and suffer a data breach, you could face penalties ranging from $5,000 to $100,000 a month, putting your entire business\u2019s future at risk.\u00a0 These penalties can also be incurred if the card companies suspect your business of poor security practices.\u00a0 Maintaining compliance is not a singular assessment or evaluation, but rather a constant review of your process to ensure appropriate measures have been taken to protect the sensitive financial transaction data of your customers. In order to be in compliance, you must meet the following standards.<br \/>\n<!--more--><\/p>\n<p><span style=\"color: #800000;\"><strong>Maintaining a Secure Network<\/strong><\/span><br \/>\nOne of the most common misconceptions is that after conducting the now mandatory penetration testing and passing the ASV scan, you are compliant indefinitely.\u00a0 However, this is simply not true. 
A penetration test and ASV scan should be thought of as a snapshot of your current level of compliance, and as a business, you should constantly update software and ensure to the best of your abilities that the latest attacks are unable to breach your network infrastructure.<\/p>\n<p style=\"padding-left: 30px; text-align: justify;\"><em><span style=\"color: #800000;\"><strong>Tip:<\/strong>\u00a0<\/span><\/em><em>Your IT provider should have firewalls in place to protect and create a secure, private network.\u00a0 You should also establish with them a firewall policy and configuration test that is in part designed to protect cardholder data.<\/em><\/p>\n<p><span style=\"color: #800000;\"><strong>Vulnerability Management<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\">It is critical to also undergo quarterly internal and external vulnerability scans.\u00a0 While the internal scan can be done internally as long as you or your IT department has the expertise, the external scan must be completed by a PCI SSC-approved vendor.\u00a0 Additional scans are also necessary if your business undergoes significant changes, such as a complete remodel, relocation, or changes to your payment processing and network.<\/p>\n<p style=\"padding-left: 30px; text-align: justify;\"><em><span style=\"color: #800000;\"><strong>Tip:<\/strong>\u00a0<\/span><\/em><em>There are also regular updates you can conduct, such as ensuring your anti-virus software is kept up to date to protect against the most recently developed malware.\u00a0 If data is being hosted on outsourced servers, your managed service provider assumes the responsibility of maintaining that safe environment &#8211; including generating the audit logs.<\/em><\/p>\n<p><span style=\"color: #800000;\"><strong>Controlling Access<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\">Any data being stored with each business transaction presents opportunities for identity theft, 
exposing your business\u2019s banking information. Any database or network device managing payment card processes is open for a PCI audit should there be suspicion of fraudulent charges or negligence.<\/p>\n<p style=\"padding-left: 30px; text-align: justify;\"><strong><em><span style=\"color: #800000;\">Tip:\u00a0<\/span><\/em><\/strong><em>Restrict and limit the number of personnel that have access to cardholder data to a business need-to-know basis.\u00a0 Track and monitor all access to network resources and data through unique user accounts, logging systems to track activity, and stored archives.<\/em><\/p>\n<p><span style=\"color: #800000;\"><strong>Final Thoughts<\/strong><\/span><br \/>\nOverall, PCI compliance can be vague, with room for interpretation, yet it has become one of the most comprehensive and detailed sets of security controls compiled for a major industry.\u00a0 The interpretation lies with minimizing your liability by documenting and showing that your business has taken every measure, within reason, to protect and secure the sensitive data.\u00a0 To learn more about the PCI Security Assessment Procedures, review this <a href=\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/PCI-Security-Standards-Council.pdf\">PCI DSS Quick Reference Guide<\/a> from the PCI Security Standards Council; or <a href=\"https:\/\/tsisupport.com\/tsistaging\/contact\/\">Contact Us<\/a> to speak with one of our knowledgeable experts!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If your business processes credit cards or other forms of electronic payment, it is required to meet the standards established by the Payment Card 
Industry (PCI).\u00a0 That means not only retailers, but any establishment that accepts card payments in their place of business. \u00a0If you don\u2019t maintain PCI standards for compliance and suffer a data&hellip;<\/p>\n","protected":false},"author":2,"featured_media":8426,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[41,239,240,241,173,192,242,243,229,244,21,169,245],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>An Informal PCI Compliance Compliance Checklist | PCI Compliant | TSI<\/title>\n<meta name=\"description\" content=\"Learn what you can do to ensure your business is PCI compliant with this informal PCI Checklist, containing several common mistakes businesses often make.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An Informal PCI Compliance Compliance Checklist | PCI Compliant | TSI\" \/>\n<meta property=\"og:description\" content=\"Learn what you can do to ensure your business is PCI compliant with this informal PCI Checklist, containing several common mistakes businesses often make.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tsisupport.com\/tsistaging\/?p=1257\" \/>\n<meta property=\"og:site_name\" content=\"TSI Support\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-23T12:00:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-07T09:07:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/Are-you-REALLY-PCI-Compliant-1140x380-1.png\" \/>\n\t<meta property=\"og:image:width\" 
content=\"1140\" \/>\n\t<meta property=\"og:image:height\" content=\"380\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Roger Murray\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Roger Murray\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1257\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1257\",\"name\":\"An Informal PCI Compliance Compliance Checklist | PCI Compliant | TSI\",\"isPartOf\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1257#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1257#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/Are-you-REALLY-PCI-Compliant-1140x380-1.png\",\"datePublished\":\"2016-06-23T12:00:44+00:00\",\"dateModified\":\"2021-07-07T09:07:48+00:00\",\"author\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/5eed34ada00b62f24100bd841a4f62e9\"},\"description\":\"Learn what you can do to ensure your business is PCI compliant with this informal PCI Checklist, containing several common mistakes businesses often 
make.\",\"breadcrumb\":{\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1257#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tsisupport.com\/tsistaging\/?p=1257\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1257#primaryimage\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/Are-you-REALLY-PCI-Compliant-1140x380-1.png\",\"contentUrl\":\"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/Are-you-REALLY-PCI-Compliant-1140x380-1.png\",\"width\":1140,\"height\":380},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/?p=1257#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tsisupport.com\/tsistaging\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Become PCI Compliant: An Informal PCI Compliance Checklist\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#website\",\"url\":\"https:\/\/tsisupport.com\/tsistaging\/\",\"name\":\"TSI Support\",\"description\":\"TSI - Technical Support International\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tsisupport.com\/tsistaging\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/5eed34ada00b62f24100bd841a4f62e9\",\"name\":\"Roger 
Murray\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/02eb44ce8ff599f733f8d322316f904d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/02eb44ce8ff599f733f8d322316f904d?s=96&d=mm&r=g\",\"caption\":\"Roger Murray\"},\"url\":\"https:\/\/tsisupport.com\/tsistaging\/?author=2\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"An Informal PCI Compliance Compliance Checklist | PCI Compliant | TSI","description":"Learn what you can do to ensure your business is PCI compliant with this informal PCI Checklist, containing several common mistakes businesses often make.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"An Informal PCI Compliance Compliance Checklist | PCI Compliant | TSI","og_description":"Learn what you can do to ensure your business is PCI compliant with this informal PCI Checklist, containing several common mistakes businesses often make.","og_url":"https:\/\/tsisupport.com\/tsistaging\/?p=1257","og_site_name":"TSI Support","article_published_time":"2016-06-23T12:00:44+00:00","article_modified_time":"2021-07-07T09:07:48+00:00","og_image":[{"width":1140,"height":380,"url":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/Are-you-REALLY-PCI-Compliant-1140x380-1.png","type":"image\/png"}],"author":"Roger Murray","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Roger Murray","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1257","url":"https:\/\/tsisupport.com\/tsistaging\/?p=1257","name":"An Informal PCI Compliance Compliance Checklist | PCI Compliant | TSI","isPartOf":{"@id":"https:\/\/tsisupport.com\/tsistaging\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1257#primaryimage"},"image":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1257#primaryimage"},"thumbnailUrl":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/Are-you-REALLY-PCI-Compliant-1140x380-1.png","datePublished":"2016-06-23T12:00:44+00:00","dateModified":"2021-07-07T09:07:48+00:00","author":{"@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/5eed34ada00b62f24100bd841a4f62e9"},"description":"Learn what you can do to ensure your business is PCI compliant with this informal PCI Checklist, containing several common mistakes businesses often make.","breadcrumb":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1257#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tsisupport.com\/tsistaging\/?p=1257"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1257#primaryimage","url":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/Are-you-REALLY-PCI-Compliant-1140x380-1.png","contentUrl":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2016\/06\/Are-you-REALLY-PCI-Compliant-1140x380-1.png","width":1140,"height":380},{"@type":"BreadcrumbList","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=1257#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tsisupport.com\/tsistaging\/"},{"@type":"ListItem","position":2,"name":"How to Become PCI Compliant: An Informal PCI Compliance 
Checklist"}]},{"@type":"WebSite","@id":"https:\/\/tsisupport.com\/tsistaging\/#website","url":"https:\/\/tsisupport.com\/tsistaging\/","name":"TSI Support","description":"TSI - Technical Support International","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tsisupport.com\/tsistaging\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/5eed34ada00b62f24100bd841a4f62e9","name":"Roger Murray","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/02eb44ce8ff599f733f8d322316f904d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/02eb44ce8ff599f733f8d322316f904d?s=96&d=mm&r=g","caption":"Roger Murray"},"url":"https:\/\/tsisupport.com\/tsistaging\/?author=2"}]}},"_links":{"self":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts\/1257"}],"collection":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1257"}],"version-history":[{"count":0,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts\/1257\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/media\/8426"}],"wp:attachment":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1257"}],"wp:term":[{"ta
xonomy":"category","embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}