PCI Security Standards
PCI and the Data Security Standards (DSS), establish protocols for protection of cardholder data, mandating how card numbers and expiration dates must be protected. This is known as PCI Security.
The Basics of PCI Compliance and Validation Regulations
These regulations apply to financial institutions, Internet vendors and all e-commerce and retail merchants. The rules spell out what security measures must be taken to protect the private information of employers and employees during any transactions occurring with the use of a credit/debit card. They also require certain auditing procedures. The Payment Card Industry Data Security Standard (PCI DSS) is used by all card brands to assure the security of the data gathered while an employee is making a transaction at a bank or participating vendor.
There are six categories of PCI compliance security standards.
|PCI Data Security Standards Council
|Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
|Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data and sensitive information across open, public networks
|Maintain a Vulnerability Management Program
- Protect all systems against malware and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
|Implement Strong Access Control Measures
- Restrict access to data by business need-to-know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
|Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
|Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel
Source: PCI Security Standards Council
If you need help, call or email us now.