PCI-DSS short version of  “Payment card Industry Data Security Standart”. It is mandated requirements for anyone processing credit cards regardless of the size or nature of the business.  So what is pci-dss and how to be compliant with pci-dss. Without going into much detail we will summarize it to its most important aspects.

PCI-DSS compliance simply a framework to prevent data loss and customer credit card data.

Every merchant has to be PCI compliant if you process credit cards.

Being PCI compliant doesn’t mean that there wouldn’t be any data breaches. It is simply best practices to eliminate such occurance. Advantage of PCI compliance is that; if you suffer from an data breach incident your fines wouldn’t be as bad as another merchant without a PCI compliant setup.

Depending on your PCI level your networks needs to be periodically scanned for malicious activity. It can be done in-house by using self assessment questionnaire or hire an outside consultant to do the necessary tasks. Here is the full list of  approved scanning vendors.