The Payment Card Industry Data Security Standards (PCI DSS) version 1.1 is a set of comprehensive requirements for enhancing payment account data security developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
An outline of the standard is as follows:
Build and Maintain a Secure Network
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
The PCI DSS must be met by all organizations (merchants and service providers) that transmit, process or store payment card data. The PCI DSS (sometimes referred to as a compliance standard) is not a law. It is a contractual obligation applied and enforced - by means of fines or other restrictions - directly by the payment providers themselves.
Cutecra can assist your business with all aspects of preparation for and remediation of a PCI audit from an authorised PCI Qualified Security Assessor (QSA) including:
Assistance to complete the PCI DSS Self Assessment Questionnaire (SAQ)
Gap analysis - help you understand what you need to do to to comply
Technology solutions - help you procure and implement the requirements
For advice and assistance regards PCI DSS compliance contact us now.