What is Payment Card Industry (PCI) compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of data protection mandates developed by the major payment card companies and imposed on businesses that store, process, or transmit payment card data. Merchants and other businesses that handle credit card data may be subject to fines if they fail to meet the requirements of PCI DSS compliance.

Since these requirements are complex, a high-level PCI compliance checklist can be a helpful starting point to assess your own compliance. Some organizations may also find it useful to develop a detailed PCI compliance checklist to guide their implementation of the standards.


PCI Compliance Checklist

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords
  3. Have policies to protect stored cardholder data
  4. Encrypt transmission of cardholder data across public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data on a need-to-know basis
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security


How can Book4Time help?
Book4Time owns and operates the most advanced cloud-based business management platform for health and wellness businesses. Our service is powered by the world’s largest cloud provider, Amazon EC2.

To simplify your PCI compliance, Book4Time partners with leading payment gateway providers and maintains its own PCI compliance and related audits, so that sensitive payment card data never has to enter your infrastructure.

  • Book4Time is PCI compliant, and we provide documentation, reporting, and services to support PCI compliance validation for clients who use our products.
  • Book4Time embeds best-in-class web application security technologies into our solutions to help safeguard your sensitive data. These include defenses against SQL injection, one of the most common types of attacks on web service security and data integrity.
  • Book4Time partners with leading payment gateway providers to offer an edge tokenization service that can keep sensitive payment card data from ever entering your infrastructure.

PCI Compliance

Are you PCI compliant?
To establish whether you are PCI compliant, you are required to complete a Self-Assessment Questionnaire (SAQ), which will help determine whether your payment processing setup is PCI compliant. The SAQ must be completed annually and includes a series of yes-or-no questions for each applicable PCI DSS requirement.

To learn more about PCI DSS visit the PCI Security Standards Council website at https://www.pcisecuritystandards.org

