What is PCI-DSS?

The payment card industry data security standard (simply known as PCI-DSS) is a set of regulations formed by major payment card brands (such as VISA, MasterCard, AmEx, Discover, etc.). There are 12 general security requirements, and sub requirements within each, that every merchant that receives payment card information needs to follow. There are 4 levels of compliance – which level you have to comply with depends on the number of transactions per year your organization processes. The 12 main PCI-DSS requirements are below:

Image by rupixen.com

Do I have to comply with PCI-DSS?

Pick a payment provider that handles payments securely and complies with level 1 PCI-DSS standards. If you handle the payments and transmit/store any data, you have standards to consider complying with under PCI-DSS.

What if I don't meet PCI compliance?

Being out of compliance can lead to serious security events that could cost your organization valuable client data, and have serious financial implications (both fines and loss of revenue). To avoid the risk of data breaches that could highly damage your brand – comply with these regulations.

blank PCI DSS chart.jpg

Build and Maintain a Secure  Network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software or program 

6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need to know 

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel