Formation of the Payment Card IndustryThe Payment Card Data Security Standard was developed by the Payment Card Industry Security Standards Council. The standard assists organizations that process credit cards to ensure it is done in a secure manner. The standard applies to any business that processes, holds, or exchanges cardholder information.
Important PCI Rules
- Businesses must maintain a firewall configured in a manner to protect cardholder data.
- Encrypt transmission of cardholder data at every point in the process, must be verified.
- Anti-virus software must be up to date and on all systems.
- Regular tests of security systems and processes must be able to be verified.
- PCI Compliance is not a law, unfortunately if your application is not PCI compliant you run the risk having fines imposed on you or your customers up to $100,000.