The standard is a collaborative effort of major credit card companies, including Visa, MasterCard, American Express, Discover, and JCB. The PCI DSS is not a law, but rather a contractual obligation that organizations handling payment card data agree to adhere to.
The PCI DSS consists of twelve main requirements grouped into six control objectives:

1. **Build and Maintain a Secure Network and Systems:**
   - Install and maintain a firewall configuration to protect cardholder data.
   - Do not use vendor-supplied defaults for system passwords and other security parameters.
2. **Protect Cardholder Data:**
   - Protect stored cardholder data.
   - Encrypt transmission of cardholder data across open, public networks.
3. **Maintain a Vulnerability Management Program:**
   - Use and regularly update antivirus software.
   - Develop and maintain secure systems and applications.
4. **Implement Strong Access Control Measures:**
   - Restrict access to cardholder data by business need-to-know.
   - Assign a unique ID to each person with computer access.
   - Restrict physical access to cardholder data.
5. **Regularly Monitor and Test Networks:**
   - Track and monitor all access to network resources and cardholder data.
   - Regularly test security systems and processes.
6. **Maintain an Information Security Policy:**
   - Maintain a policy that addresses information security for all personnel.

Organizations that handle payment card data are required to comply with these standards to ensure the security of cardholder information. Compliance is typically validated through assessments and audits conducted by qualified security assessors. Non-compliance can result in fines, legal consequences, and damage to an organization's reputation.

It's important for businesses to understand their PCI DSS compliance requirements and work towards maintaining a secure environment for handling payment card data.