PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) defines best practices for storing, transmitting, and handling sensitive payment information over the Internet. The standard applies to every organization that holds, processes, or exchanges cardholder data from any card bearing the logo of a participating brand, with the aim of preventing credit card fraud. PCI DSS was created to establish a baseline level of security for merchants that store, process, or transmit credit card data. The twelve requirements laid out by the PCI Security Standards Council are organized into the six categories listed below:
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Stored Cardholder Data
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software or programs.
- Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy
- Maintain a policy that addresses information security for employees and contractors.
The cost of PCI DSS compliance depends on your business type, existing IT infrastructure, the number of transactions processed annually, whether you process credit or debit cards, and your storage practices. The amount of cardholder data stored, and how long it is retained, should be limited to what is required for legal and business purposes. Storing card data remotely rather than on your own systems is one way to achieve PCI DSS compliance. Compliance can be validated either quarterly or annually. Innolance offers solutions that comply with PCI DSS.