What does it mean to be PCI compliant?

By: Jereme Sanborn


Companies of any size that process, store, or transmit credit card payments must adhere to rules known as the Payment Card Industry Data Security Standard (PCI DSS). These mandates, known as PCI compliance, were put in place by the major credit card companies to protect customers’ digital information and thus provide reassurance about the security of these types of payments. By becoming and remaining PCI compliant, merchants can reduce liability while adhering to governmental and industry security regulations.

The basics of PCI DSS compliance.

Although secure credit card processing is required for sellers of all sizes, PCI compliance is not the same for everyone. According to the size of the data sets that you store or manage, your business will be placed into one of the following levels:

  • Level 1 – for merchants who process 6 million or more transactions across all channels per year, and/or have had a data breach.
  • Level 2 – for merchants processing between 1 and 6 million transactions across all channels per year.
  • Level 3 – assigned to merchants processing between 20,000 and 1 million ecommerce transactions per year.
  • Level 4 – this final level is for merchants processing fewer than 20,000 ecommerce transactions annually and all other merchants processing up to 1 million transactions annually.

Requirements for PCI compliance include the following:

  • Install and maintain a firewall to protect data.
  • Change passwords and other vendor defaults.
  • Protect stored cardholder data.
  • Encrypt any cardholder data that is transmitted over public networks, and monitor your systems for vulnerabilities.
  • Protect against viruses and malware, updating software regularly.
  • Develop security measures to protect applications and systems.
  • Restrict access to cardholder data to only those who need it.
  • Authenticate and identify user access to system components.
  • Restrict physical access to data.
  • Track network resources to monitor user access.
  • Regularly test security processes, protocols, and systems.
  • Create and maintain a comprehensive information security policy.

At NAB, our PCI Plus Program offers hassle-free PCI compliance with no fees, and up to $100,000 in breach forgiveness protection for qualified merchants. Plus, no forms or third-party requirements! With PCI Plus, we do the heavy lifting so you can focus on your business.

Managing, storing, or transmitting cardholder information or other data is a heavy responsibility. Merely possessing this sensitive digital information puts organizations at risk of breach. This is why PCI compliance is so important. Taking the time to adhere to industry data security standards provides your business with credibility, reduces your liability and, perhaps most important, offers peace of mind to your valued customers.