What is PCI Checklist?

PCI Checklist was created to improve the security of system management. To this end, it provides a simpler, more manageable PCI-DSS certification process in which problems can be identified and addressed more efficiently. It serves both businesses that do not require PCI-DSS certification but value their data and want to apply these security standards in practice, and businesses that are already PCI-DSS certified or in the process of obtaining certification.

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express.
The standard has 12 high-level requirements, which fall into the six categories below:
  1. Build and Maintain a Secure Network
  2. Protect Cardholder Data
  3. Maintain a Vulnerability Management Program
  4. Implement Strong Access Control Measures
  5. Regularly Monitor and Test Networks
  6. Maintain an Information Security Policy
The Payment Card Industry (PCI) security standards focus on improving payment account security throughout the transaction process. PCI DSS compliance is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).

Being compliant with PCI DSS means that you are doing your very best to keep your customers' valuable information safe, secure and out of the hands of people who could use that data fraudulently. Not retaining data you do not need also reduces the risk that your customers will be affected by fraud.

Don’t hold on to data that you don’t need to.
If you don’t need it, don’t store it.

If you lose card data (i.e. suffer a data breach) and you are not PCI DSS compliant, you could incur Card Scheme fines for the loss of this data, and you may be liable for the fraud losses incurred against these cards and for the operational costs of replacing the affected accounts. Your customers may also not want to do further business with you. Unfortunately, data breaches occur regularly, and e-commerce sites are a very frequent target of attackers, who often succeed in compromising them. So please do not think that it won't happen to you. It is imperative that you implement all of the controls in PCI DSS that are relevant to you.

PCI DSS is something that you MUST do.

Remember: you are responsible for looking after your customers' card data, regardless of who processes the data on your behalf.
The PCI Security Standards Council encourages all businesses that store payment account data to comply with the PCI DSS to help lower their brand and financial risks associated with account payment data compromises. The PCI Security Standards Council does not manage compliance programs and does not impose any consequences for non-compliance. Individual payment brands, however, may have their own compliance initiatives, including financial or operational consequences to certain businesses that are not compliant.
The Attestation of Compliance is the document used to indicate that the appropriate Report on Compliance or Self-Assessment Questionnaire has been completed, and to attest to your organization's compliance status with PCI DSS.