12 Requirements of PCI DSS

Any business that accepts card payments in store or online is required to comply with the PCI DSS (Payment Card Industry Data Security Standard). The Standard specifies 12 requirements, which are organised into six control objectives relating to the storage, transmission and processing of cardholder data.

Developed and maintained by the PCI SSC (Payment Card Industry Security Standards Council), the requirements apply to all system components included in or connected to the cardholder data environment. In other words people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data.

Failure to meet the 12 requirements could mean a fine or the termination of credit card processing privileges.

Our PCI-DSS Services cover all requirements:

Install and Maintain a Secure Network and Systems

  • Firewalls configured to prevent unauthorised access to cardholder data
  • Change default information including passwords, configurations, and NTP information so that it cannot be exploited by hackers

Protect Cardholder Data

  • Regulated data storage policy, procedures, and process implementation
  • Data encryption of cardholder data across open networks

Maintain a Vulnerability Management Program

  • Protect all systems against malware and regularly update antivirus software or programs
  • Develop and maintain secure systems and applications to identify security vulnerabilities and rank according to risk

Implement Strong Access Control Measures

  • Restrict access to cardholder data by business need-to-know basis
  • Documented Policy and Procedures to identify and authenticate access to system components
  • Physical access to systems should also be limited and monitored using appropriate control to restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Track and monitor all access to network resources and cardholder data
  • Vulnerability scans must be performed quarterly and after any significant change in the network to prevent intrusion and exploitation

Maintain an Information Security Policy

  • Security Policy to address information security for all personnel that includes an incident response plan for immediate response to any system breach

Contact us for more information.