PCI - What is PCI Compliance


What is PCI and PCI compliance?

The PCI Security Standards Council (Payment Card Industry Security Standards Council) is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
The Council's mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc.
 
The PCI DSS requirements are outlined below. They apply to every entity that stores, processes or transmits cardholder data, including every merchant location that processes credit cards.

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
 
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
 
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
 
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
 
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
 
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security

What is PCI DSS?
The PCI DSS (Payment Card Industry Data Security Standard) is a comprehensive set of requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc.) to facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

The PCI Security Standards Council will enhance the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption.
The core of the PCI DSS is the group of six principles and twelve accompanying requirements listed above, around which the specific elements of the standard are organized.

How does PCI compliance affect me?
SPOT version 6 is the only PCI DSS compliant version of software provided by SPOT Business Systems, LLC. If you plan on using integrated credit card processing in your company, this is the version you will need to be running. In the near future your processor may require your location to be PCI compliant and your point of sale software to be PCI DSS compliant. The PCI board has set July 2010 as the date by which merchants must process transactions in compliance with PCI and PCI DSS. Note that the two requirements are assessed separately: the merchant location is assessed against the PCI DSS, while a packaged point of sale or payment application is validated under the Council's separate Payment Application Data Security Standard (PA-DSS); running validated software does not by itself make the merchant location compliant.
Having both your business location and your point of sale software PCI compliant will give you peace of mind that you can continue processing payment transactions. In the near future, payment processing service providers will require both the location and the application processing payments to be PCI compliant. As of January 1, 2010 very few credit card processing companies require compliance for these transactions. As the July 2010 deadline approaches, you will find that processing companies require PCI compliance of both the location and the software in order to continue integrated processing of transactions on the credit card provider networks.
What dates do I need to know for PCI compliance?
July 2010 is the drop-dead date set by the PCI board for PCI compliance. Under the mandate put forth by the PCI standards board, credit card companies must require PCI compliance of the merchant's location and software in order to continue processing payments. If the merchant does not meet compliance, the credit card processing provider may choose to discontinue the merchant's credit card processing until PCI compliance is met.
What version of SPOT is PCI Compliant?
SPOT version 6.x is the current and only PCI compliant version of software provided by SPOT Business Systems, LLC. PCI compliance requires version 6.x to be run on Windows XP, Windows Server 2003 or Windows 7. SPOT version 6.x was released on December 15, 2009 as a general release. Hosted production servers will be updated to the latest 6.0 builds in January 2010. Earlier versions of SPOT and all versions of SPOT Classic are not PCI compliant and will require an update to SPOT 6.0 in order to be PCI compliant.
Who pays the cost of PCI compliance?
PCI compliance costs are the responsibility of the merchant processing the transactions. Installation and maintenance of local firewalls, anti-virus software and the other required security controls (for example, changing vendor-supplied default passwords and restricting access to systems that handle cardholder data) are the responsibility of the merchant.
It is also the responsibility of the merchant to install and maintain the most current PCI DSS compliant version of the POS and payment processing software.
Where do I find more about PCI compliance?
Documentation explaining PCI compliance is available at