What is PCI Compliance?

PCI stands for Payment Card Industry.

PCI Compliance means that your services comply with the generally accepted Payment Card Industry security standards.


Why is it required?

Banks and other entities that deal with online and in-store payments need to know that the minimum steps have been taken to prevent fraud and identity theft.

Without evidence that your setup is compliant, they will not process prepaid, debit or credit card transactions originating from your server.


What are the advantages?

The advantage of PCI Compliance is that you know your systems meet a generally agreed standard of security.

Credit card and payment processing companies are happy to do business with you, and you are less likely to be held responsible for fraudulent transactions and to receive chargebacks.


Possible Pitfalls

Removing a number of historical ways of logging on to electronic services can require reconfiguring your existing devices or software.

For instance, plaintext logins have to be disabled, and many email users will have their clients configured to log in in plain text.


Removing weak encryption ciphers locks out a small number of web browsers and email clients, usually on older desktop systems and mobile devices. Unfortunately there is no way to be PCI compliant and still use old ciphers, and it is always best to make sure you are using the latest version of any software to minimise security risks.
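As an added illustration of the two pitfalls above (example code, not part of the original page), the Python below audits a pre-STARTTLS SMTP EHLO reply for plaintext login mechanisms and builds a TLS context that refuses old protocol versions and weak ciphers, then checks that none remain enabled. The host name, both EHLO replies and the weak-cipher marker list are constructed for the example.

```python
import ssl

# Constructed EHLO reply from a legacy mail server, captured before STARTTLS.
# It offers PLAIN/LOGIN authentication over the unencrypted connection, which
# is exactly the kind of plain login that PCI compliance requires disabling.
LEGACY_EHLO = """250-mail.example.test
250-STARTTLS
250-AUTH PLAIN LOGIN
250 8BITMIME"""

# The same server after reconfiguration: AUTH is not advertised until TLS is up.
FIXED_EHLO = """250-mail.example.test
250-STARTTLS
250 8BITMIME"""

# Cipher-name fragments that compliance scanners commonly flag as weak
# (assumption: the exact list depends on the assessor and DSS version).
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def audit_ehlo(ehlo_reply):
    """Return findings for a pre-STARTTLS EHLO reply; an empty list means clean."""
    caps = [line[4:].strip().upper()
            for line in ehlo_reply.splitlines() if line.startswith("250")]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    for cap in caps:
        if cap.startswith("AUTH"):
            # Accept both "AUTH PLAIN LOGIN" and the older "AUTH=PLAIN LOGIN" form.
            mechs = cap.replace("AUTH=", "AUTH ").split()[1:]
            exposed = [m for m in mechs if m in ("PLAIN", "LOGIN")]
            if exposed:
                findings.append("plaintext auth offered before TLS: " + " ".join(exposed))
    return findings


def pci_tls_context():
    """TLS context that refuses anything below TLS 1.2 and drops weak cipher suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES")
    return ctx


def weak_ciphers(ctx):
    """Names of enabled cipher suites that match a weak-cipher marker."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(m in c["name"] for m in WEAK_MARKERS)]
```

Running `audit_ehlo` against your own server's pre-STARTTLS greeting shows whether the plaintext login pitfall still applies, and `weak_ciphers(pci_tls_context())` returning an empty list confirms the cipher policy leaves nothing a scanner would flag.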