Payment Card Industry Data Security Standard (PCI DSS)

Definition - What does Payment Card Industry Data Security Standard (PCI DSS) mean?

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary standard for all organizations that process, transmit, or store payment cardholder data.

The standard provides a framework of technologies and practices that need to be adhered to in order to protect and secure cardholder data. Card brands comply with the standards incorporated by the payment card industry data security standard, and it is one of the major technical requirements for their data security compliance programs.

Techopedia explains Payment Card Industry Data Security Standard (PCI DSS)

The payment card industry data security standard is managed by the payment card industry standards council. Compliance by organizations is validated through a periodic network scan as well as through an annual security audit.

By complying with the payment card industry data security standards, organizations benefit by gaining more trust and business from customers. The standard also indirectly helps organizations comply with similar industry standards, improves the efficiency of the IT infrastructure, and provides a basis for different security strategies. The complete set of standards can be downloaded from the website of the payment card industry security standards council.

The standard can be grouped into six categories with 12 requirements, which are as follows:

1. Building and maintaining a secure network.

Requirement 1: In order to protect data, install and maintain a firewall configuration.

Requirement 2: Avoid vendor-supplied defaults for security parameters and system passwords.

2. Protection of Cardholder Data

Requirement 3: Protecting the data which is stored.

Requirement 4: All sensitive information and cardholder data need to be encrypted before transmission across public networks.

3. Availability of a Vulnerability Management Program

Requirement 5: Anti-virus software needs to be used and regularly updated.

Requirement 6: Secure systems and applications need to be developed and maintained.

4. Strong Access Control Measures need to be implemented

Requirement 7: Restriction of data with proper access controls.

Requirement 8: Providing a unique ID for each user with computing access.

Requirement 9: Restriction of cardholder data physically.

5. Periodic testing and monitoring of the networks

Requirement 10: All access to cardholder data and resources in the network needs to be monitored and tracked.

Requirement 11: Periodic testing of security processes and environments.

6. Usage and maintenance of an Information Security Policy

Requirement 12: Maintenance of policy standards that help in addressing all information security-related processes and issues.
