The Payment Card Industry Data Security Standard (PCI DSS) is a set of data protection mandates developed by the major payment card companies and imposed on businesses that store, process, or transmit payment card data. As part of their contracts with the card companies, merchants and other businesses that handle card data may be subject to fines if they fail to meet the requirements of PCI DSS compliance. Since these requirements are complex, a high-level PCI compliance checklist can be helpful in providing an initial introduction to the PCI DSS. Some organizations may also find it useful to develop a detailed PCI compliance checklist to guide their implementation of the standards.
The 12 High-Level Requirements on the PCI Compliance Checklist
At a summary level, the PCI compliance checklist for merchants and other businesses that handle payment card data consists of 12 requirements mandated by the PCI DSS:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need-to-know. Assign a unique ID to each person with computer access. Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
Businesses must assess their current compliance with these operational and cyber security requirements, remediate any vulnerabilities, and report their compliance status to the payment card companies that they work with. Medium and large merchants are also subject to a yearly audit by an independent assessor.
How Akamai Can Help You Cross Items Off Your PCI Compliance Checklist
Akamai owns and operates the world's largest and most advanced web commerce acceleration network, helping ecommerce businesses provide high quality web experiences for their customers regardless of where those customers are or what type of web-connected device they use. The Akamai global network also offers built-in web security features that enable our ecommerce customers to more easily check off the items on their PCI compliance checklist:
- The Akamai SSL network is pre-certified for PCI compliance, and Akamai provides documentation, reporting, and services to support PCI compliance validation for customers who use the network.
- Akamai embeds best-in-class web application security technologies into our global CDN to help safeguard your sensitive data. These include defenses against SQL injection, one of the most common types of attacks on web service security and data integrity.
- To dramatically simplify your PCI compliance checklist, Akamai partners with leading payment gateway providers to offer an edge tokenization service that can keep sensitive payment card data from ever entering your origin infrastructure.
Learn more about Akamai's solutions for web security and PCI compliance.