The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes.

The basic purpose of implementing the PCI DSS is to prevent any compromise of cardholder information at the hands of a malicious user. By fulfilling all of its requirements, merchants protect their clients from fraud over the internet and in day-to-day credit card transactions. By taking a proactive approach to the security of cardholder data, merchants decrease the probability of online theft, fraud and security breaches, which in turn helps them avoid financial loss in the long run.

  • The PCI DSS applies to all entities that store, process, and/or transmit cardholder data.
  • It covers technical and operational system components included in or connected to cardholder data.
  • There are three ongoing steps for adhering to the PCI DSS:
    • Assess: identifying cardholder data, taking an inventory of your IT assets and business processes for payment card processing, and analyzing them for vulnerabilities that could expose cardholder data.
    • Remediate: fixing vulnerabilities and not storing cardholder data unless you need it.
    • Report: compiling and submitting required remediation validation records (if applicable), and submitting compliance reports to the acquiring bank and card brands you do business with.
  • PCI DSS follows common-sense steps that mirror best security practices:
  • Build and Maintain a Secure Network
    • Install and maintain a firewall configuration to protect data
    • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect Cardholder Data
    • Protect stored data (use encryption)
    • Encrypt transmission of cardholder data and sensitive information across public net
  • Maintain a Vulnerability Management Program
    • Use and regularly update anti-virus software
    • Develop and maintain secure systems and applications
  • Implement Strong Access Control Measures
    • Restrict access to data by business need-to-know
    • Assign a unique ID to each person with computer access
    • Restrict physical access to cardholder data
  • Regularly Monitor and Test Networks
    • Track and monitor all access to network resources and cardholder data
    • Regularly test security systems and processes
  • Maintain an Information Security Policy
    • Maintain a policy that addresses Information Security
  • A secure network must be maintained in which transactions can be conducted.
  • Cardholder information must be protected wherever it is stored.
  • Systems should be protected against the activities of malicious hackers.
  • Use frequently updated anti-virus software, anti-spyware programs, and other anti-malware solutions to protect data.
  • Access to system information and operations should be restricted and controlled.
  • Networks must be constantly monitored and regularly tested.
  • A normal information security policy must be defined, maintained, and followed at all times and by all participating entities.

