What is PCI compliance? 2007-10-31 06:00:00

We have had requests from concerned clients wondering what this new PCI compliance that has been coming at them is. This small note is meant to serve as a brief description of what it is all about. For a more formal explanation, contact the PCI Security Standards Council.

The Payment Card Industry (PCI) Security Standards Council develops security requirements for the credit card industry. If you issue, assess or process credit card data, you can join PCI. It is an industry standard, not a governmental one, so it is globally applicable. The key is to have corporate policies in place and follow them.

Basically, what is required for PCI compliance?
- Build and Maintain a Secure Network
  - Install and maintain an adequate infrastructure to protect cardholder data (firewalls, secure access to your servers).
  - Do not use vendor-supplied defaults for system passwords and other security parameters (like the ones that come with firewalls).
- Protect Cardholder Data
  - Protect any stored cardholder data (or avoid having to store cardholder data at all by using a certified third-party service provider).
  - Encrypt transmission of cardholder data across open, public networks (use SSL on your web site).
- Maintain a Vulnerability Management Program
  - Use and regularly update anti-virus software.
  - Develop and maintain secure systems and applications.
- Implement Strong Access Control Measures
  - Restrict access to cardholder data by business need-to-know.
  - Assign a unique ID to each person with computer access.
  - Restrict physical access to cardholder data.
- Regularly Monitor and Test Networks
  - Track and monitor all access to network resources and cardholder data.
  - Regularly test security systems and processes.
- Maintain an Information Security Policy
  - Maintain a policy that addresses information security.