If you store or process credit card data, PCI is important to you. The Payment Card Industry Data Security Standard is not a law; it is a thorough set of rules put forth by the five major issuers of credit cards.
The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related groups called “control objectives.”
These six groups are:
1. Build and Maintain a Secure Network and Systems
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy
As Our Customer
For complete compliance, the GDV customer's primary environment must be PCI compliant. If an audit or certification program has not been undertaken, we recommend completing the Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance, found here.
GDV customers who are subject to the PCI DSS should notify GDV of this requirement and their intention and plan to comply.
GDV and PCI
GDV layers our compliance with PCI by combining your compliance with our adherence to a thorough list of internal controls and policies.