What is PCI Checklist?
PCI Checklist was created to improve the security of system management. To that end, it provides a simpler, more manageable PCI-DSS certification process in which problems can be identified and addressed more efficiently. It serves both businesses that do not require PCI-DSS certification but value their data and want to apply these security standards in practice, and businesses that are already PCI-DSS certified or are in the process of obtaining certification.
The payment standard has 12 high-level requirements, which fall into the six categories below:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Being compliant with PCI DSS means that you are doing your very best to keep your customers' valuable information safe, secure, and out of the hands of people who could use that data fraudulently. Not holding on to data also reduces the risk that your customers will be affected by fraud: data you do not store cannot be stolen from you.
Don’t hold on to data that you don’t need to.
If you don’t need it, don’t store it.
If you lose card data (i.e. suffer a data breach) and you are not PCI DSS compliant, you could incur Card Scheme fines for the loss of this data and may be liable for the fraud losses incurred against these cards, as well as the operational costs of replacing the affected accounts. Your customers may also not want to do further business with you. Unfortunately, data breaches occur regularly, and e-commerce sites are a very frequent target of attackers, who often succeed in compromising them. So please do not assume that it will not happen to you. It is imperative that you implement all of the controls in PCI DSS that are relevant to your environment.
PCI DSS is something that you MUST do.
Remember: You are responsible for looking after your customers' card data, regardless of who processes that data on your behalf.