What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. This standard is mandated by the credit card companies to help ensure the security of credit card transactions in the payments industry.

Who Must Follow PCI DSS?

PCI DSS applies to any company that accepts, processes, stores, or transmits payment card information (i.e., credit or debit card information), such as merchants, point-of-sale vendors, financial institutions (e.g., banks, creditors), and developers who create the programs used to process payments.

The 12 Requirements of PCI DSS

  1. A firewall configuration must be installed and maintained to protect cardholder data.
  2. Vendor-supplied defaults for system passwords and other security parameters should not be used.
  3. Cardholder data should be protected.
  4. Transmission of cardholder data across open, public networks should be encrypted.
  5. Anti-virus software or programs should be used and regularly updated.
  6. Secure systems and applications should be developed and maintained.
  7. Access to cardholder data should be restricted on a "need-to-know" basis.
  8. Unique ID should be assigned to each person with computer access.
  9. Physical access to cardholder data should be restricted.
  10. Access to network resources and cardholder data should be tracked and monitored.
  11. Security systems and processes should be regularly tested.
  12. A policy that addresses information security for all personnel should be maintained.

How To Get Started With PCI DSS

Before you start digging into the requirements of PCI DSS, you’ll want to define your PCI DSS scope. This will help you reduce the compliance costs, operational costs, and risk associated with handling payment card data. Defining scope involves a few exercises:

  1. Identify how and where the company receives cardholder data.
  2. Find and record where account data is stored, processed, and transmitted.
  3. Identify all other system components, processes, and personnel that are in scope.
  4. Implement controls to minimize scope to the necessary components, processes, and personnel.

Let Red Lion Assist in your PCI DSS Compliance

Do you still have questions regarding PCI DSS? Our compliance professionals can help you to understand and comply with PCI DSS, regardless of complexity.
