What does PCI compliance mean? In short, it is following all the rules and regulations of the Payment Card Industry Data Security Standard (PCI DSS) set forth by the Payment Card Industry Security Standards Council (PCI SSC). But to understand why complying with these standards matters, you must first know what they are, how they were made, and why they exist.
What is the PCI SSC?
The PCI SSC is a group formed by Visa, MasterCard, American Express, Discover, and JCB. Each of these companies previously ran a separate security program, which made it difficult for online stores to comply with every set of regulations and often limited the payment options available to online shoppers. The five companies realized that they shared the same goal: to create a secure environment in which to transfer and store payment card information. That security exists to minimize the risk of identity theft and unauthorized purchases by anyone who could break into a company's site and steal this information. Having recognized this common goal, the five companies decided to work together on a single standardized set of security regulations. That goal was fulfilled on December 15, 2004, when the first PCI DSS was published. Since then, there have been two updates to the standard, intended to clarify its requirements and generally make compliance easier.
The PCI DSS is a list of rules and regulations meant to minimize the possibility of unauthorized access to payment card information while it is transferred or stored on the internet. Instead of requiring merchants to comply with a separate security standard for each card brand, it makes compliance for multiple payment cards a single process and provides a common, global security baseline for payment cards. The PCI DSS can be broken into six groups called "control objectives". The list below gives each group together with the requirements that belong to it:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
The PCI DSS also has very strict Wireless LAN requirements in cardholder data environments, which have separate requirements for certification.
How to comply with the PCI DSS
It is best to visit the PCI SSC website for the exact specifications, but once your company has met the twelve requirements above, there is one last step that depends on the size of your company. If it is a small company, there is an online Self-Assessment Questionnaire (SAQ) that can be easily completed; in some regions this SAQ may need to be validated by a Qualified Security Assessor (QSA). If it is a large company, then you will need to look through the directory of QSAs to find one close to you who can assess your company's site. After this assessment, your company will be PCI DSS certified.
Complying with the PCI DSS guidelines is a necessity for keeping cardholders' online transactions and information secure from theft or misuse. By following the twelve requirements, a company can quickly become PCI DSS certified and safely accept many payment cards online. This is a necessity in our ever-evolving world of technology.