Requirements

PCI DSS standards are updated every three years. UBC merchants must keep up to date with the PCI standards.

Changes to the PCI standards follow a defined 36-month lifecycle. The lifecycle ensures a gradual, phased introduction of new versions of the standard in order to prevent organizations from becoming non-compliant when changes are published. (PCI SSC)

Here is a high-level overview of the PCI DSS requirements:

Build and Maintain a Secure Network and Systems

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Protect all systems against malware and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Restrict access to cardholder data by business need to know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes

Maintain an Information Security Policy

  • Maintain a policy that addresses information security for all personnel

Review Credit Card Processing Requirements

Review Merchant Level Requirements

Review UBC Option for eCommerce Processing