What is PCI DSS and What are the Requirements?

PCI DSS is the Payment Card Industry Data Security Standard. This framework applies to any organization that processes, transmits, or stores cardholder data. Launched in 2006 to improve the security of payment card data, it has since become the standard for any organization that handles payment card information. PCI DSS itself is not a law, but rather a standard created by the major card brands: Visa, MasterCard, Discover, AMEX, and JCB. If you accept cards from any of these brands and do not comply with the standard, there are fines and other consequences.

12 requirements of PCI DSS

There are 12 general requirements in PCI DSS that an organization must abide by:

1. Install and maintain a firewall configuration to protect cardholder data.

2. Do not use vendor-supplied defaults for system passwords and other security parameters.

3. Protect stored cardholder data.

4. Encrypt transmission of cardholder data across open, public networks.

5. Use and regularly update anti-virus software on all systems commonly affected by malware.

6. Develop and maintain secure systems and applications.

7. Restrict access to cardholder data by business need-to-know.

8. Assign a unique ID to each person with computer access.

9. Restrict physical access to cardholder data.

10. Track and monitor all access to network resources and cardholder data.

11. Regularly test security systems and processes.

12. Maintain a policy that addresses information security.

There are plenty of other steps to becoming PCI DSS compliant; these are just the core requirements for protecting cardholder data. If you or your organization need to become PCI DSS compliant, please feel free to reach out to Careful Security to help get you started, or visit the PCI DSS compliance page on our website.