PCI DSS: 12 Requirements to Protect Your Customer’s Credit Card Data
Traditionally, ill-intentioned criminals have targeted banking institutions to reap financial gain. In today’s digital age, the focus has shifted to merchants as the target for valuable resources. Credit card information that organizations obtain throughout the course of business has become data that thieves seek to collect and profit from.
With more than 510 million records containing sensitive information breached since January 2005, payment card compromise is a critical concern. System vulnerabilities and relaxed security approaches have contributed to this statistic. Non-PCI compliant entities can also suffer increased fees, fines up to $500,000 and suspension of credit card processing abilities from their acquirers.
Payment Card Industry Data Security Standard (PCI DSS) compliance can aid organizations in securing themselves against security risk and protecting their cardholder data.
PCI security standards are technical and operational requirements set forth by the Payment Card Industry Security Standards Council (PCI SSC), which aid an organization in their efforts to secure cardholder data. These standards are applicable to any organization that stores, processes or transmits payment card information.
Twelve High-Level PCI DSS Requirements:
Install and maintain a firewall configuration to protect cardholder data.
Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect stored cardholder data.
Encrypt transmission of cardholder data across open, public networks.
Protect all systems against malware and regularly update anti-virus software or programs.
Develop and maintain secure systems and applications.
Restrict access to cardholder data by business need to know.
Identify and authenticate access to system components.
Restrict physical access to cardholder data.
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.
Maintain a policy that addresses information security for all personnel.
By implementing these controls, entities can mitigate the risks that plague modern organizations, effectively controlling network access and reducing the potential for theft of cardholder data.
These procedures can be easily incorporated into business-as-usual operations. However, companies can sometimes get lost navigating PCI compliance waters. Many have spent exorbitant amounts without achieving compliance. Working with a Qualified Security Assessor (QSA) company, such as Control Gap, can greatly aid an entity in achieving their PCI compliance goals.
To understand your challenges, a scope assessment is typically recommended. Whether you require a Self-Assessment Questionnaire (SAQ) or a full Report on Compliance (ROC), Control Gap is happy to assist you in providing professional and credible service. Contact us today at 1.866.644.8808.