What is PCI compliance?
PCI compliance is a process for attesting that your business adheres to the Payment Card Industry (PCI) Data Security Standard (DSS), a set of data security standards designed to reduce credit card fraud and data breaches. These standards are maintained by the PCI Security Standards Council, a global forum founded by the five major credit card brands.
Every business that accepts or handles debit or credit card payments and data is required to be PCI compliant and to attest to that compliance annually to its merchant acquiring bank.
Who benefits from PCI compliance?
You and your customers do. As card security threats become more sophisticated, businesses struggle to keep up with the latest data security practices. PCI standards are continually updated to address these threats, providing the guidelines you need to help protect your business and your customers.
How do businesses become PCI compliant? What are the requirements?
Your specific PCI compliance requirements depend upon how you process card payments and the number of transactions you process annually. However, in general, you must demonstrate your business has taken effective steps to:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test its networks
- Maintain an information security policy
Explore these resources to learn more about PCI compliance.
The security landscape changes fast. Let us bring you up-to-date:
Get the help you need to become PCI compliant.
Not sure where to start? M&T is here to help with PCI Advance, an online tool that helps you navigate the compliance process. As one of our merchants, you’re automatically enrolled in this all-in-one PCI compliance solution. You’ll receive an email with links to activate your PCI Advance account.
Developed by SecurityMetrics, a global leader in merchant data security, PCI Advance includes:
- Liability warranty of up to $100,000 in the event of a breach
- Assistance completing the Self-Assessment Questionnaire appropriate for your business
- IP address scanning to detect vulnerabilities in your system(s)
- 24/7 support from SecurityMetrics
- Reminders about your submission status and annual reassessment due date
Get started with PCI compliance today.