PCI standards

The Payment Card Industry Data Security Standard

The international card companies have set up security standards that apply to all card payments. The standard sets rules for the environment (payment terminals, payment solutions, systems and network) in which merchants and their service providers/processors handle and store card data. As a merchant accepting payment cards, you are responsible for ensuring that everyone handling card data complies with the security requirements PCI DSS consists of. The payment terminals and/or the payment solution must be certified, and PA DSS and PCI PED approved, in order for the merchant to comply with the requirements.

You must protect and encrypt card data

Payment card data may only be stored in a few places and must be well secured. You must always protect and encrypt card numbers. Data must be protected for as long as you store the cardholder's name and the expiration date. You should only store necessary card data and delete it as soon as you no longer need it.

Never save card data

Regardless of whether you encrypt or otherwise protect data, you must never store magstripe content, CVV/CVC or PIN/PIN blocks after the authorization of the payment is completed.