PCI compliance requirements in plain English

Information security policies: documents that cover employee requirements and specify how the items below are carried out.

Maintain a firewall.

Change third-party default passwords and security settings (e.g., disable services not needed on operating systems).

Protect stored cardholder data.

Encrypt cardholder data when transmitting it across open, public networks.

Use and regularly update antivirus software.

Develop security systems and processes.

Restrict access to cardholder data to a need-to-know basis.

Assign user IDs to everybody with computer access.

Restrict physical access to cardholder data.

Track and monitor who accesses networks and cardholder data.

Regularly test systems and processes.