PCI Compliance

The Payment Card Industry Data Security Standard, also known as PCI DSS or just PCI Compliance, was created in response to an increasing number of credit card data breaches. The PCI Data Security Standard consists of 12 security requirements (see below), which together comprise roughly 250 individual controls. The PCI Security Standards Council provides 4 different versions of the Self Assessment Questionnaire (SAQ), a validation tool merchants use to evaluate their compliance status.

PCI Compliance applies to any merchant that stores, processes or transmits credit card information. It is a mandatory requirement and all deadlines have passed. The Standard has continued to evolve to address the varied needs of business types and new security threats.

The founding members of the PCI Security Council, Visa, MasterCard, American Express, Discover, and JCB, have offered merchants both carrots and sticks to incentivize compliance. As a carrot, merchants that are compliant at the time of a breach receive Safe Harbor from fines. As a stick, merchants that are non-compliant at the time of a breach can be fined up to $500,000 per incident and face remediation costs between $90 and $302 per card.

For these reasons, merchants are turning to Braintree for our unique approach to both compliance and security. Our solutions prevent credit card data from entering a merchant environment without changing the user experience, while giving merchants full control over the data. The scope of PCI Compliance is significantly reduced, and no credit card data is present to be stolen.

Requirements for PCI Compliance

There are 12 security requirements for PCI compliance. These are:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

Comprehensive Payment Processing Solutions

In addition to our PCI Compliance focus and specialty, we offer a full range of products and services to provide merchants with a single solution for all payment processing needs: