For mobile experiences that accept credit card payments, clients need to host data with a Payment Card Industry Data Security Standard (PCI DSS) compliant hosting provider. What’s the deal with PCI exactly? Bottle Rocket has helped clients become PCI compliant, so we’ll fill you in.
What is PCI Compliance?
PCI compliance certifies that an environment or organization follows standards that make sharing credit card data safe for consumers. The standards of PCI compliance apply to companies of any size that utilize credit card transactions. Every organization, whether it is responsible for cardholder data or hosts it, must meet PCI standards in order to be PCI certified.
Bottle Rocket is responsible for following PCI standards for our client work that involves payments. Our policies fit PCI standards so we and our partners can acclimate easily to the most secure and up-to-date environment.
Why Do I Need to be Compliant?
Depending on your business need, there can be several reasons why PCI compliance is important. The PCI Security Standards Council has 12 PCI compliance requirements, but these three goals of PCI compliance illustrate how meeting PCI standards serves the business and customer.
- Build and/or maintain a secure network – With a firewall and enhanced password and security measures, your entire network is safer when you meet PCI standards.
- Protect cardholder data – By protecting stored and transmitted customer data, you earn and maintain trust for your brand…and avoid any issues with the law.
- Maintain a vulnerability management program – Developing or maintaining secure systems and applications keeps your business running smoothly in support of protecting cardholder data.
How Do I Become PCI Compliant?
There are out-of-the-box compliance solutions, but it’s best to work with organizations who have PCI experience. Businesses with one or more compliant environments who have guided others to compliance offer valuable insight. You’ll need it because things can become complicated—quarterly system and firewall scans, evidence collection, the list goes on. Bottle Rocket helps you make sense of all these criteria to reach your PCI goals. Ultimately, you’ll also need to provide evidence that you’re protecting data.
Bottle Rocket, for instance, provides more than 100 pieces of evidence annually showing that our employees who work in environments that involve payments undergo background checks and are trained in compliance, and that our network of third-party partners working with payments also meets PCI standards. We update our clients on network scan progress since we help them become and remain compliant too. For more detailed information, check out this PDF from the PCI Security Standards Council.
Email us with your PCI questions – we can help turn your questions into a secure mobile experience.