Key Takeaways
Protect Stored and Transmitted Data: The core security goal is to protect cardholder data wherever it resides. This requires always protecting stored data and mandating strong encryption when transmitting card data across open networks.
Never Use Defaults, Always Use a Firewall: Foundational security requires building a secure network environment, which includes the implementation and maintenance of a firewall and immediately changing all vendor-supplied default passwords and security settings on all system components.
The Twelve Foundational Requirements: PCI DSS is built upon six goals, divided into twelve core requirements that mandate controls like strict access control (the “need-to-know” principle), regular monitoring and testing of networks, vulnerability management, and establishing a formal information security policy.
Understanding PCI DSS Standards
If your company processes payment card information, there are many PCI DSS requirements you must meet. These requirements govern the technical and operational system components involved in how you handle payment card information.
PCI DSS Goals & Requirements
- Build and Maintain a Secure Network – Ensure the implementation and maintenance of a firewall. Never utilize vendor-supplied defaults in your system security parameters (like passwords).
- Protect Cardholder Data – Protect stored data and encrypt the transmission of said data across open networks.
- Manage Vulnerabilities – Develop secure systems and applications, and ensure that your anti-virus software is updated regularly.
- Utilize Strong Access Control Measures – Restrict access to data to only those who truly need to know. Assign a unique ID to users who need access for business purposes. Ensure physical safeguards are in place.
- Monitor and Test Networks – Implement a system to track access to network resources or cardholder data. Regularly test your systems and remediate issues.
- Establish an Information Security Policy – Create a clear policy that addresses system security for all employees or contractors.
Quick Keys for PCI DSS Success
As a model framework for payment card information security, the PCI DSS integrates best practices that are useful for any business. The standard works for companies both large and small – and it can work for you too!
Here are some quick key steps that you can take to help keep sensitive payment data secure:
- Ensure the use of approved PIN devices at your POS.
- Only utilize validated payment solutions at your POS or on your website.
- Never store payment information on your computer or on paper.
- Use a firewall for your network.
- Make sure your wireless routers are password protected and use encryption.
- Change default passwords on all hardware or software.
- Regularly check for rogue software or “skimming” devices.
- Train your employees in the proper and secure ways to collect data.
- Follow the PCI DSS security standards!
Auditwerx is Your Trusted PCI Partner
When it comes to PCI DSS compliance, Auditwerx can be your one-stop shop! As a PCI Qualified Security Assessor Company (QSAC), we have offered PCI DSS compliance solutions for businesses of all sizes for over 10 years. Contact us today.
FAQs
What are the six core goals of the PCI DSS framework?
The Payment Card Industry Data Security Standard (PCI DSS) is built around six security goals to protect sensitive payment data:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Manage Vulnerabilities
- Utilize Strong Access Control Measures
- Monitor and Test Networks
- Maintain an Information Security Policy
How does PCI DSS address vulnerability management?
PCI DSS requires organizations to develop and maintain secure systems and applications. This includes a critical focus on keeping all antivirus software up to date and regularly performing system testing to identify and remediate security issues before they can be exploited.
What does the standard say about Access Control for cardholder data?
Strong Access Control is mandated, specifically requiring that access to cardholder data be restricted on a “need-to-know” basis, meaning personnel only get the access required for their job function. Furthermore, every person with access for business purposes must be assigned a unique ID for tracking and accountability.
What are some immediate quick key steps an organization can take to enhance payment data security?
To secure sensitive payment data, organizations should immediately implement these key steps: never store payment information on computers or paper; use a firewall for the network; use encryption and strong passwords on all wireless routers; and train employees on secure data collection practices.
