While relatively a newcomer to the IT compliance scene, PCI DSS has been mandated by all members of the PCI Security Standards Council, including Visa International, MasterCard Worldwide, American Express, Discover Financial Services and JCB International. What this means, essentially, is that all banks that process the payment transactions associated with these cards are responsible for ensuring that merchants meet the standard or face severe penalties.

PCI DSS has an extensive reach — it applies not only to your business, but also to virtually any vendor that supports your organization by accepting, storing, processing or transmitting payment card data, including personal data from credit and debit cards. Any business partner or vendor that handles cardholder data (CHD) or sensitive authentication data (SAD) in these capacities is classified as a PCI merchant and is required to comply. Objectives and requirements

The overriding goal of PCI DSS is to ensure payment card data confidentiality, which means making sure that you and your vendors have the proper operational processes and controls in place to secure customer data and ensure it is auditable. Specifically, PCI DSS requirements are intended to ensure that organizations

 Build and maintain secure networks and systems

• Protect cardholder data

• Maintain a vulnerability management program

• Implement strong access control measures

• Regularly monitor and test networks

• Maintain an information

 Many of the PCI DSS standards have detailed requirements that focus on key processes and controls organizations must have in place for managing user identities and entitlements.

These include controls that:

  • Ensure each user is uniquely identified
  • Define access needs for each role
  • Assign access based on individual’s job classification and function
  • Limit access to cardholder data to only authorized users
  • Ensure each user has explicit approval for the least amount of data and privilege needed to perform his or her job role
  • Enforce strong password management settings
  • Track logging and recording of all privileged user activity
  • Prevent the abuse of system accounts
  • Secure audit logs 

  • As a business person that accepts payment cards, I comply with the PCI DSS. PCI DSS protects stored cardholder data from unauthorized use and this is very important for everyone, and for me not only as a business person but as a customer in general. For example, I have a Skrill account from https://baxity.com/ and I feel totally secure about it because I know my money won't go anywhere and they're safe. I would like to say this about all of my accounts and credit cards, but these days it's so easy to hack and to steal money, so you can't be so sure about anything. Either way, PCI DSS remains a must for all the merchants that work with credit card transactions.

  • This promotion has expired. Are there any other similar ones?

Related Content