Payment Card Industry Information

PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major card brands to help organizations that process card payments prevent card fraud, compromise of cardholder data and related security problems. Any company that processes, stores or transmits card numbers must be PCI DSS compliant; otherwise it risks fines passed on by its acquiring bank and, ultimately, the loss of its ability to accept card payments.

The PCI DSS reflects the combined interests of VISA, MasterCard, Discover, American Express and JCB. These five card brands agreed on a common set of security requirements and in 2006 founded the PCI Security Standards Council (PCI SSC), which now maintains the standard. Before that, each brand ran its own programme with its own requirements:

  • MasterCard - Site Data Protection (SDP) Program
  • VISA - Cardholder Information Security Program (CISP) and Account Information Security (AIS)
  • Discover - Discover Information Security and Compliance (DISC)
  • American Express - Data Security Operating Policies

Merchants and Service Providers must validate compliance, but how depends on the merchant or service-provider level the card brands assign by transaction volume: the largest merchants and service providers need an annual on-site assessment by a PCI SSC Qualified Security Assessor (QSA) company, while smaller merchants may validate with the appropriate Self-Assessment Questionnaire (SAQ). Most validation types also require quarterly external vulnerability scans by an Approved Scanning Vendor (ASV).

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of network security and business-practice requirements adopted by Visa, MasterCard, American Express, Discover and JCB to establish a minimum security baseline for protecting customers' payment card data. It applies to every merchant and service provider that stores, processes or transmits payment card information, and it is enforced contractually through the card brands and acquiring banks.

How does my business become PCI compliant?
If you store, transmit or process payment card information, you must meet all twelve PCI DSS requirements, which are grouped under six control objectives. The wording below follows the original PCI DSS 1.x text; later versions of the standard reword and expand several requirements (for example, Requirement 5 now covers malware protection generally, not just anti-virus software), so use the current version from the PCI SSC site when preparing for an assessment:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

For more information, please refer to the following sites:

https://www.pcisecuritystandards.org/index.htm

http://pcianswers.com/resources/
