September 21, 2017

Understanding PCI Compliance

As a merchant, you are required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures.

The core of the PCI DSS is a group of principles and ccompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network

  • Requirement 1 – Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2 – Do not use vendor–supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Requirement 3 – Protect stored cardholder data
  • Requirement 4 – Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Requirement 5 – Use and regularly update anti–virus software
  • Requirement 6 – Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Requirement 7 – Restrict access to cardholder data by business need–to–know
  • Requirement 8 – Assign a unique ID to each person with computer access
  • Requirement 9 – Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Requirement 10 – Track and monitor all access to network resources and cardholder data
  • Requirement 11 – Regularly test security systems and processes

Maintain an Information Security Policy

  • Requirement 12 – Maintain a policy that addresses information security

PCI Validation Requirements

Important: Since Authorize.Net is not directly involved with establishing, evaluating or validating merchant PCI compliance requirements, we have partnered with Trustwave, a leading provider of information security and compliance management solutions. Trustwave offers convenient PCI tools and validation services at a specially discounted price to Authorize.Net merchants. Learn more about Trustwave's services.

Sign Up Now

Merchants interested in signing up for an Authorize.Net Payment Gateway account can contact us at 1-888-323-4289 for more information, or contact an Authorize.Net reseller.

To become a reseller, please contact our sales team at 1-866-437-0491 or via our Reseller Inquiry Form