Page 1 of 3

JULY 2010 marks a key deadline for Payment Card Industry (PCI) compliance in the credit card processing industry.

By Crystal Sulzer

By July 2010 all merchants must be certified that they are compliant with the Payment Card Industry Data Security Standards. With more and more diversity on how we take credit cards, it has become more confusing to the merchant as to whether PCI applies to them or not. 

PCI APPLIES TO EVERYONE, even the companies that take only one or two cards a year. There are 12 requirements that a merchant must follow and adhere to when dealing with customers' credit card information.

Install and maintain a firewall configuration to protect cardholder data. 

• By installing a firewall, this helps minimize the exposure from people trying to hack into your system.  There is not guarantee that someone cannot hack a firewall; but it does help minimize the accessibility of your system from people just randomly surfing systems.
• Do not use vendor-supplied defaults for system passwords and other security parameters.
• Again, some of this is common sense. Use a password only you are going to know. Keep a list of your passwords accessible for your eyes only. Some systems will even tell you how secure your password is.

Protect stored data

• Do not store cardholder data unless it is really necessary.
• Do not email sensitive information such as full card number and expiration dates.
• Do not locate servers or other payment card system storage devices outside of a locked, fully secured and access-controlled room.
• Once information is stored, you should not have the full account number or the expiration date accessible at all.