FlorEssenceTea.com
PCI-DSS Compliant

PCI DSS stands for Payment Card Industry Data Security Standard.

In practice, PCI DSS is a set of guidelines, measures, and controls developed by the industry to help merchants implement strong security precautions that ensure safe credit card usage and secure information storage. Its purpose is to give customers and merchants peace of mind in knowing their website transactions are safe.

The PCI DSS standards were created in response to the need for an environment in which consumers can engage in secure e-commerce. An individual's personal information is a very valuable commodity in today's digital age, and we at FlorEssenceTea.com take it very seriously. Almost anything can happen if someone else gets hold of that information. And if word spreads too far, or consumers begin to develop a complete distrust of the digital payment process, they will stop making purchases with their cards.

We at FlorEssenceTea.com welcomed the new PCI DSS standards mandate that any and all merchants who process, store, or transmit credit card numbers be compliant with 12 specific requirements.
These requirements can be further broken down into more than 200 individual security controls, but for the purposes of this informative article, we list the 12 main requirements.

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

Originally, the five major credit card companies had their own programs and lists that merchants were required to comply with. The PCI DSS standards came into being as a result of the realization that their goals, in this instance, were pretty close together. They each knew that a standardized set of guidelines and requirements would make it much easier for merchants to comply. The hope was that if the process was made simpler, merchants would be more likely to quicken their compliance.


The PCI DSS standards offer an extensive list of security controls that may be daunting to the average business; however, we embraced the technology. In the end, it is a guideline for the procedures necessary to make a compliant business as safe as it can be. Because we take the time to become and remain compliant, our customers can experience peace of mind and the long-term security benefits that they have a right to.

The world of e-commerce moves at lightning speed, and sometimes it seems like all we can do is keep up. Taking the time to look ahead and plan for evolving security measures and long-term defensive strategies can seem like time that could be spent doing something else. But we must never forget that it is very important to maintain a firm grasp on long-term success.