What is Payment Card Industry (PCI) compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of data protection mandates developed by the major payment card companies and imposed on businesses that store, process, or transmit payment card data. Merchants and other businesses that handle credit card data may be subject to fines if they fail to meet the requirements of PCI DSS compliance.

Since these requirements are complex, a high-level PCI compliance checklist can be a helpful starting point to assess your own compliance. Some organizations may also find it useful to develop a detailed PCI compliance checklist to guide their implementation of the standards.

PCI Compliance Checklist

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords
  3. Have policies to protect stored cardholder data
  4. Encrypt transmission of cardholder data across public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data on a need-to-know basis
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

Are you PCI compliant?
To establish whether you are PCI compliant, you are required to complete a Self-Assessment Questionnaire (SAQ), which helps determine if your payment processing setup meets the standard. The SAQ must be completed annually and consists of a series of yes-or-no questions for each applicable PCI DSS requirement.

To learn more about PCI DSS, visit the PCI Security Standards Council website at https://www.pcisecuritystandards.org

How can Book4Time help?
Book4Time owns and operates the most advanced cloud-based business management platform for health and wellness businesses. Our service is powered by the world’s largest cloud provider, Amazon EC2.

To simplify your PCI compliance, Book4Time partners with leading payment gateway providers and maintains its own PCI compliance, including the related audits, to keep sensitive payment card data from ever entering your infrastructure.

  • Book4Time is PCI compliant and provides documentation, reporting, and services to support PCI compliance validation for clients who use our products.
  • Book4Time embeds best-in-class web application security technologies into our solutions to help safeguard your sensitive data. These include defenses against SQL injection, one of the most common types of attacks on web service security and data integrity.
  • Book4Time partners with leading payment gateway providers to offer an edge tokenization service that can keep sensitive payment card data from ever entering your infrastructure.

Find out more about how Book4Time can help your business.

Join the world’s leading spas and salons in using Book4Time’s comprehensive business management software to take your business to the next level.
