PCI

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure

KEY TAKEAWAYS

• Companies that follow and achieve the Payment Card Industry Data Security Standards (PCI DSS) are considered to be PCI compliant.
• The PCI Security Standards Council is responsible for developing the PCI DSS.
• PCI DSS has 12 key requirements, 78 base requirements, and 400 test procedures to ensure that organizations are PCI compliant.
• Being PCI compliant reduces data breaches, protects the data of cardholders, avoids fines, and improves brand reputation.
• PCI compliance is not required by law but is considered mandatory through court precedent.

In order to conform with PCI guidelines, several steps should be undertaken that are considered security best practices. The 12 major steps include the following:

• Implement firewalls to protect data
• Appropriate password protection (such as 2FA)
• Protect cardholder data
• Encryption of transmitted cardholder data
• Utilize antivirus and anti-malware software
• Update software and maintain security systems on a regular basis
• Restrict access to cardholder data
• Unique IDs assigned to those with access to data
• Restrict physical access to data storage
• Create and monitor access logs
• Test security systems on a regular basis
• Create a policy that is documented and that can be followed