PCI DSS Services - WHAT is it?
Any organisation or entity that’s involved in payment-card processing or that stores, processes, or transmits account data has to comply with the requirements of the Payment Card Industry Security Standards Council (PCI SSC), founded by American Express, Discover, JCB International, MasterCard and Visa in 2006.
A simple way of looking at this is that if you’re a business that accepts plastic cards or a bank or financial services provider that issues them, you will need to comply with the PCI Data Security Standard, or PCI DSS.
This means you have to meet six key goals (sometimes referred to as ‘control objectives’) and 12 key requirements:
Build and maintain a secure network
1. Install and maintain a firewall to protect cardholder data
2. Avoid vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a vulnerability management programme
5. Use and regularly update antivirus software or programmes
6. Develop and maintain secure systems and applications
Implement strong access control measures
7. Restrict access to cardholder data on a business need-to-know basis
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Monitor and test networks regularly
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an information security policy
12. Maintain a policy that addresses information security for employees and contractors
WHEN do I need it?
Yesterday. PCI DSS has been here for more than 10 years, helping companies fight cyber criminals and secure cardholder data. And the criminals are not sleeping: they are developing new tools and new techniques every day, so if you are not already on board the PCI DSS train you should be standing in line for a ticket. Without security mechanisms in place it might already be too late, and you might already have been breached. Don’t give them more time…