If your company processes payment card information, there are many different standards you must meet under the PCI DSS. These standards help you manage the technical and operational system components involved in the way you handle payment card information.
PCI DSS Goals & Requirements
- Build and Maintain a Secure Network – Ensure the implementation and maintenance of a firewall. Never utilize vendor-supplied defaults in your system security parameters (like passwords).
- Protect Cardholder Data – Protect stored data and encrypt the transmission of said data across open networks.
- Manage Vulnerabilities – Develop secure systems and applications, and ensure that your anti-virus software is updated regularly.
- Utilize Strong Access Control Measures – Restrict access to data to only those who truly need to know. Assign a unique ID to users who need access for business purposes. Ensure physical safeguards are in place.
- Monitor and Test Networks – Implement a system to track access to network resources or cardholder data. Regularly test your systems and remediate issues.
- Establish an Information Security Policy – Create a clear policy that addresses system security for all employees or contractors.
Quick Keys for PCI DSS Success
As a model framework for payment card information security, the PCI DSS integrates best practices that are useful for any business. The standard works for companies both large and small – and it can work for you too!
Here are some quick key steps that you can take to help keep sensitive payment data secure:
- Ensure the use of approved PIN devices at your POS.
- Only utilize validated payment solutions at your POS or on your website.
- Never store payment information on your computer or on paper.
- Use a firewall for your network.
- Make sure your wireless routers are password protected and use encryption.
- Change default passwords on all hardware or software.
- Regularly check for rogue software or “skimming” devices.
- Train your employees in the proper and secure ways to collect data.
- Follow the PCI DSS security standards!
Auditwerx is Your Trusted PCI Partner
When it comes to PCI DSS compliance, Auditwerx can be your one-stop shop! As a PCI Qualified Security Assessor Company (QSAC), we have offered PCI DSS compliance solutions for businesses of all sizes for over 10 years. Contact us today.