PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council.
What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) was created to help organisations in the payment card industry that process card payments. The standard applies to all organisations that hold, process, or exchange cardholder information. Although PCI DSS originated in concerns about online credit card data, it also covers all credit card data an organisation holds, such as order forms, payment slips and similar records. Where cards are taken over the telephone, by fax or on paper, it determines how this data must be handled to keep it secure. It is also not limited to credit cards: debit cards and other forms of card payment are also covered.
PCI DSS is a set of six principles that encompass 12 specific requirements. These requirements are equally applicable to any organisation holding personal information and are intended to reduce the organisation's risk of a data breach.
Build and maintain a secure network
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor defaults for system passwords or other security parameters.
Protect your cardholder data
- Protect any stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
Keep a vulnerability management plan
- Always use and regularly update your anti-virus software.
- Develop and maintain secure systems and applications.
Implement strong access control practices
- Limit access to cardholder data to only those who need to know.
- Give every person with computer access a unique ID, and restrict physical access to cardholder data.
Monitor and test your networks on a regular basis
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and procedures.
Keep an information security policy
- Always maintain a policy that addresses information security.
The PCI Security Standards Council encourages businesses that store payment data to comply with PCI DSS and become certified to help reduce financial risk. Failure to certify annually can become an issue if you suffer a security breach and your customers' card details are stolen, in which case the penalties levied by the card schemes and the associated costs can be heavy, depending on the number of cards compromised. Even where a merchant is certified, this does not protect them from potential penalties if it is deemed that their own actions, through negligence, omission or accident, contributed to the breach.