PCI-DSS

Payment Card Industry Data Security Standard

The payment card industry needs to ensure the security of its cardholder data. Breaches of cardholder information can have costly and serious consequences. Compliance with a global standard that ensures data security in payment transactions will assure customers that you have a strong commitment to protecting their cardholder information. Compliance with a data security standard is essential for any organization that stores, processes and transmits cardholder data, in order to ensure business continuity. Organizations require compliance with such a standard in order to sustain their business, gain benefits, manage risks and give greater customer security assurance.

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. The PCI DSS is a security standard developed and maintained by the PCI (Payment Card Industry) Council, USA.

What are the requirements of PCI-DSS?

PCI DSS requires organizations to comply with 12 general data security requirements. The requirements were developed and are maintained by the Payment Card Industry (PCI) Security Standards Council. Any organization that handles payment cards, including debit and credit cards, must meet the 12 requirements.

PCI DSS 12 requirements

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update antivirus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data 
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

What are the key benefits of PCI-DSS?

 

  • Risk reduction in security breaches
  • Security assurance to customers and organizations
  • Improved customer relationship
  • Boost to profits
  • Avoidance of costly fines
  • Enhances company reputation
  • Sustains business