What is PCI compliance?
PCI stands for Payment Card Industry. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
Who is required to provide proof of compliance?
PCI applies to any merchant or organization that accepts, transmits or stores any cardholder data, regardless of size. If you accept transactions from customers using credit or debit cards, the PCI DSS requirements apply.
How do you show proof of compliance?
To show proof of compliance, you must provide an Attestation of Compliance document. In addition, if you use a third-party platform such as BigCommerce, you will need to provide the platform's own attestation as well: 2017 - 2018 Attestation of PCI DSS Compliance
Why do I need to reset my password every 90 days?
It is part of Requirement 8 of Version 3.0 of the Payment Card Industry Data Security Standard. To remain PCI compliant, the password must be changed at least every 90 days. See PCI Compliance Password Requirements for more details.
Why was I logged out of my store?
Another PCI compliance requirement is that a session must time out after a set period of inactivity. By default this is set to 15 minutes, meaning that if you are logged into your store's control panel but do not click anything for 15 minutes, the system will log you out. See Control Panel Timeout Window for more information on how to adjust this setting.
PCI FAQs — This FAQ comes directly from the organization that governs PCI Compliance standards.
Everything You Need to Know About (Achieving) PCI Compliance — An in-depth guide about what PCI DSS is and how to achieve it for your business.