What Does Payment Card Industry Data Security Standard (PCI DSS) Mean?
The Payment Card Industry Data Security Standard is a proprietary standard for all organizations that process, transmit, or store payment cardholder data.
The standard provides a framework of technologies and practices that must be adhered to in order to protect and secure cardholder data. The card brands have adopted the standard, and it is one of the major technical requirements of their data security compliance programs.
Techopedia Explains Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard is managed by the Payment Card Industry Security Standards Council. Organizations validate their compliance through periodic network scans as well as an annual security audit.
By complying with the standard, organizations benefit from increased trust and business from customers. The standard also indirectly helps organizations comply with similar industry standards, improves the efficiency of the IT infrastructure, and provides a basis for different security strategies. The complete set of standards can be downloaded from the website of the Payment Card Industry Security Standards Council.
The standard can be grouped into six categories with 12 requirements, which are as follows:
- Building and maintaining a secure network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protecting cardholder data
  - Requirement 3: Protect stored cardholder data.
  - Requirement 4: Encrypt cardholder data and all sensitive information before transmitting it across public networks.
- Maintaining a vulnerability management program
  - Requirement 5: Use anti-virus software and keep it regularly updated.
  - Requirement 6: Develop and maintain secure systems and applications.
- Implementing strong access control measures
  - Requirement 7: Restrict access to data with proper access controls.
  - Requirement 8: Assign a unique ID to each user with computing access.
  - Requirement 9: Restrict physical access to cardholder data.
- Regularly monitoring and testing networks
  - Requirement 10: Track and monitor all access to cardholder data and network resources.
  - Requirement 11: Regularly test security processes and environments.
- Maintaining an information security policy
  - Requirement 12: Maintain a policy that addresses all information security related processes and issues.