- Thou shalt build and maintain a secure network, and maintain a firewall on the server to protect data.
- Thou shalt not use vendor-supplied defaults for system passwords and security parameters.
- Thou shalt protect stored customer data and encrypt the transmission of cardholder data and other sensitive information across public networks.
- Thou shalt use and regularly update antivirus software, and develop and maintain secure systems and applications.
- Thou shalt restrict physical access to customer data, and provide access only to those with business need-to-know.
- Thou shalt assign each person with computer access a unique ID.
- Thou shalt track and monitor all access to network resources and cardholder data.
- Thou shalt regularly test security systems and processes, and perform a quarterly network vulnerability scan.
- Thou shalt maintain an Information Security Policy.
- Thou shalt report to the Payment Card Industry according to the requirements of thy merchant level.
If you do all these things, you will enjoy the satisfaction of knowing you are doing all within your power to provide your customers with a safe and secure shopping experience, while avoiding the wrath of the payment card industry, which can impose severe financial penalties for non-compliance.
To learn more, visit the PCI Security Standards Council website.
