Stampa Stampa
Dimensione testo Aumenta dimensione carattereDiminuisce dimensione carattereReimposta dimensione carattere

How to Be Compliant

Getting Started with PCI Data Security Standard Compliance

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while compliance with the PCI Security Standards is enforced by the payment card brands. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard. You can find out your exact compliance requirements only from your payment brand or acquirer. However, before you take action, you may want to obtain background information and a general understanding of what you will need to do from the information and links here.

The PCI DSS follows common-sense steps that mirror security best practices. There are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process. First, Assess -- identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data. Second, Remediate -- fix vulnerabilities and do not store cardholder data unless you need it. Third, Report -- compile and submit required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and card brands you do business with.

For more information, download our Getting Started Guide and/or our Quick Reference Guide.

To learn what your specific compliance requirements are, check with your card brand compliance program:

For additional information about how to get started, consult our FAQs.


Inizio pagina

L’ente responsabile degli standard di protezione PCI (l’ “Ente responsabile”) mette a disposizione diversi strumenti, questionari, istruzioni, Domande frequenti (FAQ), risorse per la formazione ed altri materiali ed informazioni per offrire assistenza alle organizzazioni che cercano di ottenere la conformità ai suoi standard (gli “Standard”). Sono disponibili anche prodotti e servizi di terze parti, ma l'Ente responsabile non approva o raccomanda alcuno di tali prodotti o servizi, e consiglia a tutte le organizzazioni che cercano di ottenere la conformità di conoscere gli Standard ed i requisiti correlati prima di acquistare prodotti o servizi di terze parti. In conclusione, per ottenere la conformità è necessario soddisfare tutti i requisiti applicabili, indipendentemente da se e quali prodotti o servizi di terze parti siano utilizzati.
Powered By OneLink