The Payment Card Industry Data Security Standard (PCI DSS) was established by the PCI Security Standards Council to help organizations process payment card data in a secure environment to prevent credit card fraud. The PCI DSS increases security of credit card data by increasing data controls and its exposure to threads. The PCI standards apply to any organization which holds, processes, or passes cardholder information from any card brand.
The PCI DSS is organized into twelve security standard requirements under six functional areas as listed below:
Establish & Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Secure Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor & Test Information Systems
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Each functional area, or control objectives, contains requirements that must be in place to meet the objective of the Payment Card Industry Data Security Standard.
Intersec Worldwide is an authorized Qualified Security Assessors Company (QSAC), able to meet all your PCI compliance needs. We have experience working with the largest merchants and card brands, making our assessors some of the most qualified in the industry. We can provide all services pertaining to PCI, from GAP Assessment and remediation to final reporting and certification. Our experience and expertise in the PCI Auditing process makes Intersec Worldwide the ideal choice for your payment card security needs.
Copyright @ 2012 Intersecworldwide. All rights reserved.