PCI Compliance

What is PCI compliance?

PCI stands for Payment Card Industry. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.

Who is required to provide proof of compliance?

PCI applies to any merchant or organization that accepts, transmits or stores any cardholder data, regardless of size. If you accept transactions from customers using credit or debit cards, the PCI DSS requirements apply.

How do you show proof of compliance?

To show proof of compliance, you must provide Attestation of Compliance document. In addition, if using a third-party platform such as BigCommerce, you will need to provide a Attestation of PCI DSS Compliance. Ours is linked below. 2016 - 2017 Attestation of PCI DSS Compliance

Why do I need to reset my password every 90 days?

It is part of the requirements stated in Requirement 8 of Version 3.0 of the Payment Card Industry Data Security Standards. In order to remain PCI compliant the password must change at least every 90 days. See PCI Compliance Password Requirements for more details.

Why was I logged out of my store?

Another requirement for PCI compliance requires that if there is no activity for 15 minutes, the session has to time out. If you are logged into your store's control panel but do not click anything for 15 minutes, the system will log out.

Resources

PCI FAQs — This FAQ comes directly from the organization that governs PCI Compliance standards.
Everything You Need to Know About (Achieving) PCI Compliance — An in-depth guide about what PCI DSS is and how to achieve it for your business. 

Was this article helpful?