
PCI DSS

Details on the Topic

What is the PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS, often shortened to PCI) is a set of rules that defines controls to protect credit card data during payment transaction processing. It is based on the Visa Account Information Security Program (AIS), the MasterCard Site Data Protection program (SDP), the American Express Security Operating Policy (DSOP), the Discover Information Security and Compliance program (DISC) and the JCB Data Security Program, and it is supported by all major credit card organisations. The requirements are mandatory for all merchants and service providers that store or transmit credit card data or process card transactions. In case of non-compliance, credit card organisations may impose penalties, introduce restrictions or prohibit the acceptance of credit cards.

PCI Requirements

The PCI DSS comprises the following 12 requirements:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Change default passwords and other standard security settings
  3. Protect stored data
  4. Encrypt transmission of data over public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to credit card data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to credit card data
  10. Log and monitor all access to network resources and credit card data
  11. Regularly test security systems and processes
  12. Introduce and enforce IT security guidelines for all staff

Self Assessments and Audits

Each credit card company has its own procedures in place to assess PCI DSS compliance. Risk classes assigned to merchants and service providers determine in which cases questionnaire-based self-assessments are sufficient and when external audits must be carried out by certified auditors. For further details about the PCI DSS requirements and test procedures, please refer to www.pcisecuritystandards.org.

PCI Implementation in Your Organisation

plan42 security consultants assist you in implementing the PCI DSS requirements in your organisation. In 7 project steps, we make sure you are well prepared for certification audits and self-assessments. Do you have any questions about our PCI services? Please feel free to contact us.