It is hard to believe that the PCI DSS is over 15 years old and yet people still struggle with what it is!? It’s time to stop tearing your hair out. We’ve got you covered with all you need to know in our new PCI Primer blog series, and we’re starting with the basics.
PCI DSS is a global security standard developed and maintained by the PCI Security Standards Council and adopted by payment card brands for all organizations that process, store or transmit cardholder data and/or sensitive authentication data such as primary account number (PAN), cardholder name, card expiration date and card verification value (CVV). These requirements are meant to mirror information security best practices.
These requirements are:
- Install and maintain a firewall in order to protect sensitive data.
- Avoid vendor-supplied defaults for passwords or other parameters.
- Protect stored cardholder data.
- Encrypt cardholder data across open networks during transmission.
- Keep anti-virus programs up-to-date to protect against malware.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data to only those who need to know.
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data.
- Monitor access to cardholder data and other resources.
- Regularly test security systems and processes.
- Develop an information security policy for all personnel.
Source: PCI Security Standards Council, LLC | www.pcisecuritystandards.org
PCI DSS compliance shows that your business has the proper environment and controls in place to process, store and transmit payment information – building trust with existing customers and attracting new clients. Not PCI compliant yet? Auditwerx, a certified PCI QSA, can help. If you’re ready for professional guidance from a PCI specialist, contact us today!
Next time, we’ll be examining why following these requirements is important to your business. Stay tuned for more from our team!