To comply with PCI-DSS requirements, you must do the following:
- Use equipment and systems that meet the PCI-DSS requirements for processing and storing sensitive cardholder data
- Educate your employees about the best practices for working with cardholder data
- Complete a self-assessment questionnaire (SAQ) or an on-site audit by an external assessor each year
- Run vulnerability scans of your systems to discover potential security flaws
Best practices
You should also follow our best practices to help you secure your network, which include the following:
Do
- Use only PCI-DSS approved PIN entry devices
- Use a properly configured firewall on your network and computers
- Use strong passwords and change the default passwords on hardware and software
Don’t
- Share passwords with employees
- Reuse the same password for more than one account or device
- Use weak or insecure protocols for connecting to your access point
- Connect to access points you don’t trust or haven’t set up yourself
- Leave your POS devices unattended