PCI

WHAT IS PCI?

The PCI Data Security Standard (PCI DSS) applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational practices for system components included in or connected to environments with cardholder data. If you accept or process payment cards, PCI DSS applies to you.

WHO HAS TO COMPLY WITH THESE STANDARDS?

Each of PCI SSC’s founding payment brand members (American Express, Discover, JCB International, MasterCard and Visa) currently has its own PCI compliance program for the protection of its affiliated payment card account data. Entities should contact us directly for information about their compliance programs.

WHAT TYPES OF SECURITY THREATS EXIST?

Remote access

Criminals can gain access to your systems that store, process, or transmit payment data through weak remote access controls. Remote access may be used by your payment terminal vendors, for example, to provide support to your terminal or to provide a software update.

Malware

Criminals use malicious software to infiltrate a computer system and steal payment data. Ransomware is the fastest-growing malware threat.

Weak passwords

More than 80% of data breaches involve stolen and/or weak passwords.*
*Verizon 2017 DBIR

Phishing

Phishing emails are a common delivery vehicle for malware. These emails look legitimate, such as an invoice or electronic fax, but they include malicious links and/or attachments that can infect your computer and system.

Outdated software

Criminals look for outdated software to exploit flaws in unpatched systems.

Skimming

Criminals attach small hardware "skimming devices" to card readers, which can capture customer payment data when customers use payment cards at your store. Criminals use the stolen data to create counterfeit cards and make illegal purchases.