What is PCI DSS? (pt. 1)

May 2, 2011 · 5 min read

What does PCI DSS mean?

The “Payment Card Industry Data Security Standard” is a recent change to credit card processing security standards.

How does the PCI DSS affect Credit Card Payment Processing?

The Payment Card Industry Security Standards Council developed the PCI DSS to increase data security in credit card payment processing. The PCI SSC was formed by top credit card and payment companies to establish industry-wide security standards. The new standards apply to every organization or business that transmits, processes, or stores credit card data.

The security standard has six control objectives that together contain 12 compliance requirements. The PCI SSC states the control objectives and their requirements as follows:

Have a Secure Network

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for passwords and other security measures

Protect Cardholder Data

  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Use and regularly update anti-virus software
  • Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes

Maintain an Information Security Policy

  • Maintain a policy that addresses information security
If businesses don’t follow these requirements, it could result in fines. Keep in mind that this standard is a minimum requirement, and businesses are urged to take security even further to protect payment information from fraud.

In the next installment of this blog series, you will learn how PCI DSS affects your business and what your business should do to follow the requirements.