The Do’s and Don’ts of PCI Compliance

Although achieving and maintaining PCI compliance is a vital part of your business’s security, it doesn’t have to be a challenge. Merchants should be aware of the following PCI practices so their businesses can be as secure as possible.

Finding a payment processor that provides PCI-compliant solutions is one of the easiest ways to establish secure credit card transactions. As leaders in the payment processing industry, i3 Commerce Technology is dedicated to educating and informing merchants about the ever-changing rules and regulations that come with securing cardholder data.

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. In general, PCI compliance is required by credit card companies to make online transactions secure and to protect them against identity theft. According to the PCI Security Standards Council, any merchant that wants to process, transmit or store credit card data is required to be PCI compliant.

PCI Data Storage Do’s and Don’ts

In the August 2019 issue of Card Talk, we explored why achieving PCI compliance is worth it and identified six regulation categories that merchants need to pay attention to:

  1. Secure your card processing network
  2. Protect all cardholder information
  3. Protect your systems against malware
  4. Put access control measures in place
  5. Monitor and test your networks
  6. Create and maintain an information security policy

There are a few key things merchants should do and not do to ensure PCI compliance. This simple list of do’s and don’ts will get you started down the path of meeting all PCI standards:

Do’s

  • Understand the flow of customer data in your payment system
  • Store only necessary cardholder information, such as the expiration date, cardholder name, and account number
  • Delete authentication data after a transaction has been verified
  • Remove a data segment like the last four digits of a card number when displaying or printing cardholder data
  • Use strong cryptography
  • Read PCI compliance requirements regularly to stay current with updates
  • Validate your company every year
  • Verify that third parties who process your customer data are PCI compliant

Don’ts

  • Store unnecessary cardholder information
  • Store authentication data including the CVV or CVC code on the card
  • Display or print cardholder data that isn’t properly truncated
  • Store cardholder data on unprotected devices like computers, laptops, or smartphones
  • Send data through texts or email messages
  • Place payment card system storage devices anywhere but in a secure and access-controlled room
  • Participate in data security activity that doesn’t follow PCI regulations
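As an added example (not part of the original article and not i3 Commerce Technology’s own tooling), the Python below puts three of the practices above into code: truncating a card number so that only the last four digits remain visible when it is displayed or printed, dropping sensitive authentication data such as the CVV after a transaction has been verified, and detecting card numbers that have leaked into free text such as an e-mail, SMS or log line. The field names and the sample card number are constructed for the example.

```python
import re
from typing import Dict, List

# Sensitive authentication data that PCI DSS forbids storing after authorization.
# Field names are assumptions for this example.
SENSITIVE_AUTH_FIELDS = ("cvv", "cvc", "pin", "track_data")

def luhn_valid(digits: str) -> bool:
    """Return True if a digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Truncate a PAN for display or printing: only the last four digits stay visible."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]

def scrub_after_authorization(record: Dict[str, str]) -> Dict[str, str]:
    """Once the transaction is verified, drop sensitive authentication data and
    keep the PAN only in truncated form."""
    kept = {k: v for k, v in record.items() if k not in SENSITIVE_AUTH_FIELDS}
    if "pan" in kept:
        kept["pan"] = mask_pan(kept["pan"])
    return kept

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits (so phone numbers and short IDs are skipped).
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def find_pans(text: str) -> List[str]:
    """Return Luhn-valid card numbers found in free text, so that an outbound
    e-mail, text message or log line carrying them can be blocked or alerted on."""
    hits = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_valid(digits):
            hits.append(digits)
    return hits

if __name__ == "__main__":
    # Constructed sample record; 4111 1111 1111 1111 is a well-known test number.
    auth = {"pan": "4111 1111 1111 1111", "cvv": "123", "expiry": "12/29", "name": "J. Doe"}
    print(scrub_after_authorization(auth))
    print(find_pans("Card 4111 1111 1111 1111 approved, call 1-800-218-3683"))
```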

For More on PCI Compliance:

Contact us online or call 1-800-621-8931.

Check out i3 Commerce Technology’s newsroom.