
Understanding PCI Data Security Standards

If your business handles credit card transactions, you're likely familiar with the Payment Card Industry Data Security Standard (PCI DSS). Developed by major credit card companies, PCI DSS provides a set of requirements designed to ensure that all organizations that process, store, or transmit credit card information maintain a secure environment. 


Overview  


The PCI DSS is a proprietary information security standard administered by the Payment Card Industry Security Standards Council. It applies to all organizations that store, process, or transmit cardholder data, regardless of size or number of transactions. Compliance with PCI DSS is required for all organizations that accept credit card payments. 


Key Terms Explained 

| Term | Definition |
| --- | --- |
| PCI DSS | Payment Card Industry Data Security Standard |
| Cardholder Data | Sensitive data printed or stored on a payment card, including the Primary Account Number (PAN), Cardholder Name, Expiration Date, and Service Code. |
| PAN | Primary Account Number, or the 16-digit credit card number. |
| SAQ | Self-Assessment Questionnaire, a validation tool used to evaluate PCI DSS compliance. |

Compliance Guidelines  


To achieve PCI DSS compliance, organizations must adhere to the following 12 requirements: 


  1. Install and maintain a firewall to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update anti-virus software on all systems.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

Compliance with PCI DSS is an ongoing process that requires annual validation. Depending on the organization's size and processing volume, validation may involve an on-site assessment by a qualified security assessor or completion of a Self-Assessment Questionnaire (SAQ). 


By adhering to PCI DSS requirements, organizations can protect cardholder data, reduce the risk of data breaches, and maintain consumer trust in their payment processing systems. 


© 2035 by BrainStorm. Powered and secured by Wix