The Payment Card Industry (PCI)

PCI Compliance

What is PCI?

The Payment Card Industry (PCI) consists of organizations that handle debit, credit, prepaid, and ATM payment card data, including credit card companies, financial institutions, and merchants. The PCI Data Security Standards are designed to ensure that these organizations keep payment cardholder data in a secure environment, whether they store, process, or transmit it. The major credit card brands (Visa, MasterCard, American Express, Discover, and JCB) are responsible for enforcing compliance, and the PCI Security Standards Council sets the requirements.

Who does this apply to?

All organizations or merchants that have a Merchant ID (MID) are required to comply, as specified in their agreements with the credit card companies and through legislation in several states. The standards aim to minimize identity theft and fraudulent transactions and to enforce consistent data security measures. Merchants who fail to meet the PCI Data Security Standards may incur fines from credit card companies and financial institutions and risk losing their ability to process payment cards. The U.S. Federal Government is considering the enactment of laws that would make PCI Compliance mandatory across the U.S.

What do I need to do to comply?

All merchants that accept payment cards, regardless of sales volume, are required to meet these six requirements:

  • Build and maintain a secure network (e.g., maintaining a firewall to protect cardholder data on your network from unauthorized access, and changing vendor-supplied default system passwords)
  • Protect cardholder data (e.g., making sure any sensitive credit card data is unreadable wherever it is stored, and encrypting data in transmission to prevent breaches)
  • Maintain a vulnerability management program (e.g., deploying up-to-date anti-virus software and applying security and software patches)
  • Implement strong access control measures (e.g., limiting employee access to cardholder data, authenticating users, and securely storing media, backups, and paper and electronic communications)
  • Regularly monitor and test networks (e.g., using logging mechanisms to track user activity, implementing audit trails, running regular vulnerability scans, and performing penetration testing)
  • Maintain an information security policy (e.g., creating, maintaining, and distributing an information security policy, screening employees before hiring, and training employees on the importance of protecting payment cardholder data)

How can TBS help?

TBS assists companies with maintaining PCI Compliance through protection of payment card data, data destruction services, hard drive destruction, and recycling of equipment that does not comply with PCI requirements. Contact us for assistance in achieving or maintaining PCI compliance today.