PCI-DSS (Payment Card Industry Data Security Standard) is a set of security benchmark designed to assurance to companies that manage credit card information preserve a secure environment for the safeguards of cardholder data
1. Install and restore a firewall: sustain cardholder data from prohibited access.
2. Do not use vendor-supplied defaults: Change default passwords and settings to defend prohibited access.
3. Safeguard stored cardholder data: Encrypt sensitive data, such as credit card numbers.
4. Encrypt transmission of cardholder data: Use secure protocols, such as TLS, to protect data in transit.
5. Use and regularly update anti-virus software: Protect against malware and other viruses.
6. Develop and sustain secure systems and applications: Regularly update and patch systems and applications to prevent vulnerabilities.
7. Restrict access to cardholder data: Limit access to authorized personnel only
8. Assign a unique ID to each person with computer access: Monitor and track access to cardholder data.
9. Restrict physical access to cardholder data: Protect data from restricted physical access.
10. Continuous monitor and test networks: Identify and address vulnerabilities.
11. Maintain a policy that addresses information security: Develop and enforce a comprehensive security policy.
1. Protects sensitive data: assurance the security and integrity of cardholder data.
2. Minimize risk of data breaches: Minimizes the risk of data breaches and cyber attacks.
3. Maintains customer trust: Demonstrates a commitment to protecting customer data.
4. Avoids costly fines and penalties: Ensures compliance with regulatory requirements, avoiding costly fines and penalties.
1. Merchants: Businesses that accept credit card payments.
2. Service providers: Companies that provide services to merchants, such as payment processors and gateways.
3. Financial institutions: Banks and other financial institutions that issue credit cards.
1. Conduct a risk assessment: Identify vulnerabilities and risks.
2. Implement security controls: Develop and implement security policies and procedures.
3. Regularly monitor and test: Continuously monitor and test systems and networks.
4. Maintain documentation: Keep accurate and up-to-date records of compliance efforts.
