Secure cardholder data to keep customers and business safe. Adhering to global data security standards is a must for every organization in the payment card industry.
What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. The PCI DSS is a security standard developed and maintained by the PCI (Payment Card Industry) Council, USA.
What are the requirements of PCI-DSS?
PCI DSS requires organizations to comply with 12 general data security requirements. The requirements were developed and are maintained by the Payment Card Industry (PCI) Security Standards Council. Any organization that handles payment cards, including debit and credit cards, must meet the 12 requirements.
PCI DSS 12 requirements
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update antivirus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
What are the key benefits of PCI-DSS?
- Risk reduction in security breaches
- Security assurance to customers and organizations
- Improved customer relationship
- Boost to profits
- Avoidance of costly fines
- Enhances company reputation
- Sustains business
