February 13th, 2014 by Elma Jane

Core Elements of PCI’s Data Security Standard

This organization provides an international platform for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. It is impossible to be involved in the credit card processing industry and not be aware of the PCI Security Standards Council.

As such it is important to be aware of the core elements of the PCI’s Data Security Standard (DSS).

The following are the current fundamental principles and requirements:

Build and Maintain a Secure Network

Requirement a. Install and maintain a firewall configuration to protect cardholder data
Requirement b. Do not use vendor-supplied defaults for system passwords and other security parameters

Implement Strong Access Control Measures

Requirement c. Restrict access to cardholder data by business need-to-know
Requirement d. Assign a unique ID to each person with computer access
Requirement e. Restrict physical access to cardholder data

Maintain a Vulnerability Management Program

Requirement f. Use and regularly update anti-virus software
Requirement g. Develop and maintain secure systems and applications

Maintain an Information Security Policy

Requirement h. Maintain a policy that addresses information security

Protect Cardholder Data

Requirement i. Protect stored cardholder data
Requirement j. Encrypt transmission of cardholder data across open, public networks

Regularly Monitor and Test Networks

Requirement k. Track and monitor all access to network resources and cardholder data
Requirement l. Regularly test security systems and processes

 

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Payment Card Industry PCI Security Tagged with: , , , , , , , , , ,