What is Payment Card Industry (PCI) compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of data protection mandates developed by the major payment card companies and imposed on businesses that store, process, or transmit payment card data. Merchants and other businesses that handle credit card data may be subject to fines if they fail to meet the requirements of PCI DSS compliance.

Since these requirements are complex, a high-level PCI compliance checklist can be a helpful starting point to assess your own compliance. Some organizations may also find it useful to develop a detailed PCI compliance checklist to guide their implementation of the standards.


PCI Compliance Checklist

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords
  3. Have policies to protect stored cardholder data
  4. Encrypt transmission of cardholder data across public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data on a need-to-know basis
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security


How can Book4Time help?
Book4Time owns and operates the most advanced cloud-based business management platform for health and wellness businesses. Our service is powered by the world’s largest cloud provider, Amazon EC2.

To simplify your PCI compliance, Book4Time partners with leading payment gateway providers and adheres to its own PCI Compliance and related audits to keep sensitive payment card data from ever entering your infrastructure.

  • Book4Time is PCI compliant, we provide documentation, reporting, and services to support PCI compliance validation for clients who use our products.
  • Book4Time embeds best-in-class web application security technologies into our solutions to help safeguard your sensitive data. These include defenses against SQL injection, one of the most common types of attacks on web service security and data integrity.
  • Book4Time partners with leading payment gateway providers to offer an edge tokenization service that can keep sensitive payment card data from ever entering your infrastructure.
PCI Compliance

Are you PCI compliant?
To establish if you are PCI compliant you are required to complete a Self-Assessment Questionnaire (SAQ), this will help determine if your payment processing setup is PCI compliant. The SAQ is required to be completed annually and includes a series of yes-or-no questions for each applicable PCI DSS requirement.

To learn more about PCI DSS visit the PCI Security Standards Council website at https://www.pcisecuritystandards.org


Schedule a free demo and learn how Book4Time can help you stay PCI compliant:

Find out more about how Book4Time can help your business.

Join the world’s leading spas and salons in using Book4Time’s comprehensive business management software to take your business to the next level.

From the blog.

Book4Time Caps Off 2018 with Record-Breaking Quarter

Spa management software company finishes Q4 2018 with continued growth for main product offerings and new product integrations   TORONTO – Feb. 13, 2019 – Book4Time, the leading global provider…

What’s New in Book4Time: January Product Release Update

The Book4Time team is constantly enhancing and adding new features to improve your spa and wellness establishments based on your comments and feedback. On January 21, we launched the first…

2018: Year in Review & Look Ahead

2018 has been an incredible year for Book4Time, and one of the best in our company’s history. Here are some of the highlights of the year, along with a sneak peak…