PCI DSS compliance
What does PCI DSS compliance mean? – Find out more!
If you are in the industry for card payment, you have probably heard about the PCI DSS. PCI DSS stands for Payment Card Industry Data Security Standard and is an information security standard that applies to all companies that process, store or transmit cardholder data – regardless of size or numbers of transactions.
Find out more. We have listed some important questions and answers you need to know about the PCI DSS compliance.
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is an international information security standard designed to protect card payments and reduce card fraud. PCI DSS is a common standard that has been developed and maintained by Visa Inc, MasterCard, American Express, Discover and JCB.
Why was PCI DSS created?
The PCI security standard constitutes technical and operational requirements stipulated by the PCI Security Standards Council (PCI SSC) to protect card data. PCI-DSS aims to minimise the handling of card data and other sensitive information, such as card numbers (PAN), chip data, PIN, CVC, etc. This helps to reduce the risk of card data will be compromised into the wrong hands, which can lead to fraud and negative impact on our brand and that of our customers.
Who is covered by PCI DSS?
All companies that handle card data, i.e. store, process and transmit card data, must comply with the requirements of PCI DSS.
Why is it so important to comply with the requirements of PCI DSS?
Complying with the requirements of PCI DSS means that we have done our best to keep our customers’ data and information safe and secure and to avoid fraudulent use of their data.
What are the consequences for non-compliant companies?
If we as a card issuer fail to comply with the standard, fines may be imposed on us.
What are the requirements of PCI DSS?
PCI DSS covers six main objectives, which are divided into 12 high-level requirements. These are then broken down into around 250 detailed requirements that must be fulfilled in order to be PCI DSS compliant.
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security for employees and contractors