What is Payment Card Industry (PCI) compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of data protection mandates developed by the major payment card companies and imposed on businesses that store, process, or transmit payment card data. Merchants and other businesses that handle credit card data may be subject to fines if they fail to meet the requirements of PCI DSS compliance.

Since these requirements are complex, a high-level PCI compliance checklist can be a helpful starting point to assess your own compliance. Some organizations may also find it useful to develop a detailed PCI compliance checklist to guide their implementation of the standards.

PCI Compliance Checklist

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords
  3. Have policies to protect stored cardholder data
  4. Encrypt transmission of cardholder data across public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data on a need-to-know basis
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

Are you PCI compliant?
To establish whether you are PCI compliant, you are required to complete a Self-Assessment Questionnaire (SAQ), which helps determine whether your payment processing setup meets PCI DSS. The SAQ must be completed annually and consists of a series of yes-or-no questions for each applicable PCI DSS requirement.

To learn more about PCI DSS, visit the PCI Security Standards Council website at https://www.pcisecuritystandards.org.


How can Book4Time help?
Book4Time owns and operates the most advanced cloud-based business management platform for health and wellness businesses. Our service is powered by the world’s largest cloud provider, Amazon EC2.

To simplify your PCI compliance, Book4Time partners with leading payment gateway providers and maintains its own PCI compliance and related audits, so that sensitive payment card data never has to enter your infrastructure.

  • Book4Time is PCI compliant, and we provide documentation, reporting, and services to support PCI compliance validation for clients who use our products.
  • Book4Time embeds best-in-class web application security technologies into our solutions to help safeguard your sensitive data. These include defenses against SQL injection, one of the most common types of attacks on web service security and data integrity.
  • Book4Time partners with leading payment gateway providers to offer an edge tokenization service that can keep sensitive payment card data from ever entering your infrastructure.
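The two points above, tokenization and SQL injection defenses, are easier to reason about with a concrete illustration. The following is an added example written for this page; it is not Book4Time code and does not describe Book4Time's gateway integration. It assumes a merchant-side table that stores only a gateway-issued token and the last four digits (the tokenization model: the full PAN never reaches the merchant's database), and it shows a lookup built by string concatenation beside the parameterized form that PCI DSS Requirement 6 style secure development calls for. All table names, column names and sample rows are constructed for the example.

```python
import re
import sqlite3

# Constructed sample data. Under the tokenization model the merchant keeps only a
# reference token from the payment gateway plus the last four digits for display;
# the primary account number (PAN) itself is never stored on the merchant side.
SAMPLE_ROWS = [
    ("alice@example.com", "tok_constructed_0001", "4242"),
    ("bob@example.com", "tok_constructed_0002", "1111"),
]


def make_db():
    """Create an in-memory database holding the constructed payment_methods table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE payment_methods (email TEXT, card_token TEXT, last4 TEXT)"
    )
    conn.executemany("INSERT INTO payment_methods VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, email):
    """Builds the query by string concatenation: caller-supplied text becomes SQL.

    A tautology such as the textbook  ' OR '1'='1  turns the WHERE clause into a
    condition that matches every row, so the lookup leaks other customers' tokens.
    """
    sql = (
        "SELECT email, card_token, last4 FROM payment_methods "
        "WHERE email = '" + email + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """Hardened form: the value is bound as a parameter, never parsed as SQL."""
    sql = "SELECT email, card_token, last4 FROM payment_methods WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# A PAN is 13 to 19 digits; anything matching this pattern in a merchant-side
# table is a sign that full card numbers are being stored, which defeats the
# point of tokenization. This is a simple defender-side check, not a PCI control.
PAN_LIKE = re.compile(r"^\d{13,19}$")


def contains_pan_like_values(conn):
    """Return True if any stored text value looks like a full card number."""
    for row in conn.execute("SELECT email, card_token, last4 FROM payment_methods"):
        for value in row:
            if isinstance(value, str) and PAN_LIKE.match(value):
                return True
    return False


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"
    print("concatenated query returned", len(lookup_vulnerable(db, probe)), "rows")
    print("parameterized query returned", len(lookup_parameterized(db, probe)), "rows")
    print("PAN-like values stored:", contains_pan_like_values(db))
```

Run stand-alone, the script shows the concatenated query returning every row for the tautology input while the parameterized query returns none, and confirms that the constructed table holds tokens and last-four digits only. Parameterized queries (or an ORM that uses them) are the standard defense; input filtering alone is not a substitute.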


Find out more about how Book4Time can help your business.

Join the world’s leading spas and salons in using Book4Time’s comprehensive business management software to take your business to the next level.
