The PCI DSS (Payment Card Industry Data Security Standard) was created in 2004 by American Express, Discover, Mastercard, Visa and JCB. It is a set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information. It applies to all organizations worldwide that transmit, process, or store payment card data.
The 12 requirements of the PCI DSS
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update antivirus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Compliance with the PCI DSS enables you to:
- Ensure the safety and security of your customers’ payment card data, so you need to worry less about potential vulnerabilities in your systems
- Avoid the financial penalties and negative PR associated with a data breach
- Demonstrate that your company places a high value on security, which will encourage more customers to trust you with their payment card information
- Comply with other legislation, such as the EU GDPR (General Data Protection Regulation), which regulates the processing of EU residents’ personal data
- Protect yourself not just from payment card data loss but also from other undesirable data breaches
Find out more about IT Governance USA’s PCI DSS services
Some organizations are deterred by the difficulties and costs associated with meeting the requirements of the Standard. However, you can overcome these challenges without disrupting vital business operations. IT Governance USA’s PCI DSS Documentation Toolkit includes all the expert guidance, advice, and fully customizable documentation templates you will need to accelerate your PCI DSS project.
Is your organization #BreachReady?
To help your organization become #BreachReady this summer, IT Governance USA is offering up to 20% off all sorts of solutions to prevent or mitigate the effect of data breaches.