How to Meet PCI Compliance Requirements for Selling Your Company’s Products Online

The COVID-19 pandemic has changed many things that were once the norm. Retail stores that were not considered essential were forced to close initially, and even now may be experiencing less foot traffic than usual. For this reason, many businesses have decided to make the move to selling their products online.

However, moving to an eCommerce store is not a simple feat. If you choose to set up your own website rather than selling through an established platform like Amazon or eBay, then you will need to ensure that you are in compliance with the Payment Card Industry Data Security Standard (PCI DSS).

What Are the PCI Data Security Standards?

The PCI DSS was developed by the PCI Security Standards Council as a universal way to keep cardholder information safe and private. Any company that processes credit card information needs to adhere to this set of PCI compliance standards, which consists of six main goals and 12 requirements:

Goal 1: Building and Maintaining a Secure System and Network

To achieve this goal, companies must:

  1. Install and maintain a firewall that is configured to protect cardholder data.
  2. Set up secure and unique system passwords and other security parameters, rather than relying on the defaults set by the vendor.

Goal 2: Protecting Cardholder Information

To achieve this goal, companies must:

  1. Protect any cardholder data that is stored in their system.
  2. Make sure that all data transmission across public networks is encrypted.

Goal 3: Maintaining a Program to Manage Vulnerabilities

To achieve this goal, companies must:

  1. Protect any computer systems against malware. Anti-virus software must also be updated regularly to stay ahead of potential threats.
  2. Develop and maintain systems and applications that are secure.

Goal 4: Implementing Strong Measures for Access Control

To achieve this goal, companies must:

  1. Make sure that access to cardholder data is restricted on a need-to-know basis.
  2. Identify and authenticate any required access to components in the system.
  3. Restrict physical access to cardholder data by keeping it in a locked file or room.

Goal 5: Regularly Testing and Monitoring Networks

To achieve this goal, companies must:

  1. Track and monitor all access to both network resources and cardholder data.
  2. Regularly test all security systems and processes.

Goal 6: Maintaining an Information Security Policy

To achieve this goal, companies must:

  1. Maintain a company policy that addresses all information security issues.

New to eCommerce? Chorus Communications Is Ready to Help

Whether your Philadelphia-area business has recently pivoted to eCommerce because of the pandemic or you’re looking to reach a larger audience, the PCI compliance consultants at Chorus Communications can find the right solution for your company. Contact us today for more information.
