tandard) Security procedures from the PCI Security Standards Council for merchants that accept credit cards online. It includes guidelines for user authentication, firewalls, antivirus, encryption, truncating account numbers, programming maintenance and vulnerability testing.
The primary issue is the handling of customers' credit card numbers. To be PCI compliant, a merchant must provide strong encryption of the numbers for storage and transmission or use a third-party token service (see token
). For more information, visit www.pcisecuritystandards.org. The PCI DSS Quick Reference Guide is available at http://bit.ly/1aVst18. See Qualified Security Assessor
, Internal Security Assessor
and Approved Scanning Vendor