Is your ability to process credit cards at risk?
The deadline for companies to be using a PCI-DSS compliant payment application was July 1, 2010, according the PCI Data Security Standards. We’ve created this resource center to document PCI-DSS, and to assist you to achieve compliance.
What is PCI-DSS Compliance?
The Payment Card Industry Data Security Standard established a set of requirements for enhancing the data security of payment accounts. The far-reaching requirements include standards for security management, policies, procedures, network architecture, software design, and other measures created to protect customer account data.
The developers of the PCI-DSS (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International collaborated on the standards in order to facilitate global adoption of consistent data security measures.
Twelve requirements for PCI-DSS compliance:
Build and Maintain a Secure Network
- Install and maintain a firewall and use unique, high-security, passwords with special care to replace default passwords.
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Whenever possible, cardholder data must not be stored.
- You must also encrypt any data passed across public networks, including your shopping cart and web-hosting providers.
Maintain a Vulnerability Management Program
- Use anti-virus and keep it up date.
- Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant (see www.visa.com/pabp).
Implement Strong Access Control Measures
- Access to cardholder data – both electronic and physical – should be on a “need-to-know” basis.
- Ensure those people with access have a unique ID and password. Do not share logon information.
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to networks and cardholder data.
- Ensure you have a regular testing schedule for security systems and processes including firewalls, patches and anti-virus.
Maintain an Information Security Policy
- It’s critical that your organization has a resource for governing your company’s data security. Ensure you have a policy and that it’s disseminated and updated regularly.
Review PCI DSS Self-Assessment – This is the questionnaire provided by the PCI Standards Security Council
Credit Card and PCI Security Standard Council Contact Info: