Payment Card Industry Data Security Standard (PCI DSS)

Definition - What does Payment Card Industry Data Security Standard (PCI DSS) mean?

Payment card industry data security standard is a proprietary standard for all organizations that process, transmit, or store payment cardholder data.

The standard provides a framework of technologies and practices that need to be adhered to in order to protect and secure cardholder data. Card brands comply with the standards incorporated by the payment card industry data security standard, and it is one of the major technical requirements for their data security compliance programs.

Techopedia explains Payment Card Industry Data Security Standard (PCI DSS)

The payment card industry data security standard is managed by the payment card industry standards council. Validation of compliance by organizations is done through a periodic network scan as well as through an annual security audit.

By complying with the payment card industry data security standards, organizations benefit by gaining more trust and business from customers. The standard also indirectly helps organizations comply with similar industry standards, improves the efficiency of the IT infrastructure, and provides a basis for different security strategies. The complete set of standards can be downloaded from the website of the payment card industry security standards council.

The standard can be grouped into six categories with 12 requirements, which are as follows:

  1. Building and maintaining a secure network.
    • Requirement 1: Installing and maintaining a firewall configuration in order to protect data.
    • Requirement 2: Avoiding vendor-supplied defaults for security parameters and system passwords.
  2. Protection of the cardholder data.
    • Requirement 3: Protecting the data which is stored.
    • Requirement 4: All sensitive information and cardholder data needs to be encrypted before transmission across public networks.
  3. Availability of a vulnerability management program.
    • Requirement 5: Anti-virus software needs to be used and regularly updated.
    • Requirement 6: Secure systems and applications need to be developed and maintained.
  4. Implementation of strong access control measures.
    • Requirement 7: Restriction of data with proper access controls.
    • Requirement 8: Providing a unique ID for each user with computing access.
    • Requirement 9: Restricting physical access to cardholder data.
  5. Periodic testing and monitoring of the networks.
    • Requirement 10: All access to cardholder data and network resources needs to be monitored and tracked.
    • Requirement 11: Periodic testing of security processes and environments.
  6. Usage and maintenance of an information security policy.
    • Requirement 12: Maintenance of policy standards which help address all information security related processes and issues.