Payment Card Industries Data Security Standards
Payment Card Industry (PCI) Data Security Standards (DSS) require merchants to protect sensitive cardholder information. PCI DSS compliance requirements mandate that each state agency accepting credit card payments complete an annual assessment of their card processing environment. Requirements under PCI DSS vary greatly depending on an agency's acceptance environment.
According to the PCI Security Standards Council, "there are three steps for adhering to the PCI DSS – which is not a single event, but a continuous, ongoing process. First, Assess -- identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data. Second, Remediate -- fix vulnerabilities and do not store cardholder data unless you need it. Third, Report -- compile and submit required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and card brands you do business with."