This article identifies the 12 PCI DSS requirements that help prevent and mitigate credit card theft


12 Tips To Avoid Credit Card Data Breaches


PCI DSS: 12 Requirements to Protect Your Customer’s Credit Card Data

Traditionally, criminals seeking financial gain targeted banking institutions. In today's digital age, the focus has shifted to merchants as the holders of valuable data. The credit card information that organizations collect in the course of doing business has become data that thieves seek out and profit from.

With more than 510 million records containing sensitive information breached since January 2005, payment card compromise is a critical concern. System vulnerabilities and relaxed security practices have contributed to this statistic. Entities that are not PCI compliant can also face increased fees, fines of up to $500,000 and suspension of their credit card processing privileges by their acquirers.

Payment Card Industry Data Security Standard (PCI DSS) compliance can aid organizations in securing themselves against security risk and protecting their cardholder data.

PCI security standards are technical and operational requirements set forth by the Payment Card Industry Security Standards Council (PCI SSC) to help organizations secure cardholder data. These standards apply to any organization that stores, processes or transmits payment card information.


Twelve High-Level PCI DSS Requirements:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Protect all systems against malware and regularly update anti-virus software or programs.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need to know.
  8. Identify and authenticate access to system components.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security for all personnel.

By implementing these controls, entities can mitigate the risks that plague modern organizations, effectively controlling network access and reducing the potential for theft of cardholder data.

These procedures can be easily incorporated into business-as-usual operations. However, companies can sometimes get lost navigating PCI compliance waters. Many have spent exorbitant amounts without achieving compliance. Working with a Qualified Security Assessor (QSA) company, such as Control Gap, can greatly aid an entity in achieving their PCI compliance goals.

To understand your challenges, a scope assessment is typically recommended. Whether you require a Self-Assessment Questionnaire (SAQ) or a full Report on Compliance (ROC), Control Gap is happy to assist you in providing professional and credible service. Contact us today at 1.866.644.8808.

You can also learn more about PCI compliance by reading our blog post, PCI Compliance & Why You Need to Be Compliant.
