Browse through our library, search by title or filter by topic.

PCI Compliance for Billers

Compliance with The Payment Card Industry Data Security Standard (PCI DSS) is mandatory for those that accept credit cards and for software providers who have applications that involve the transmission and/or storage of credit card information.

Security controls are as much about physical restrictions as they are about technology systems and procedures. Whether a biller accepts payments online or by mail, they must ensure the physical security of any PC that receives or stores credit card data. Receiving credit card payments by mail adds another layer of responsibility to maintain PCI compliance. Why? Because now they must also exert physical control over paper documents which contain credit card data.

A successful PCI compliance program requires a partnership between your IT staff, your payments vendors and a PCI assessor. The PCI compliance checklist for businesses that handle payment card data consists of these 12 requirements.

  1. Use a firewall
  2. Do not use vendor-supplied passwords
  3. Do not store cardholder data, or if you must, protect it
  4. Encrypt transmission of cardholder data
  5. Use anti-virus software
  6. Maintain secure systems and applications
  7. Restrict access to cardholder data
  8. Assign unique user IDs
  9. Restrict physical access to cardholder data
  10. Monitor all access to cardholder data
  11. Regularly test systems and processes
  12. Maintain a security policy

Filter by Topic(select one)

  • ACH Payments

    Who manages the ACH Network? What is same-day ACH and is it mandatory?...

  • Check Imaging

    Are checks going away in the US? What are other countries doing with paper checks?...

  • Receivables

    What are the current trends with consumer bill payments?  How will the USPS changes affect us?...

  • Risk Management

    Is payments fraud on the rise? Where are the highest risks and what can we do?...

  • Payments Infrastructure

    What are the latest scanner introductions? Is a Virtual Environment right for me?...