
PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. The PCI DSS was developed to enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally.

The PCI DSS was established in 2004 by the major credit card companies: Visa, MasterCard, American Express, Discover, and JCB. These companies formed the Payment Card Industry Security Standards Council (PCI SSC) to manage the ongoing evolution of the PCI DSS and other security standards.

The PCI DSS framework comprises these six requirements:

Build a Secure Network

Install and maintain a firewall configuration to protect cardholder data. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

Protect stored cardholder data. Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

Protect all systems against malware and regularly update antivirus software or programs. Develop and maintain secure systems and applications.

Strong Access Control Measures

Identify and authenticate access to system components. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

Track and monitor all access to network resources and cardholder data. Regularly test security systems and processes.

Maintain an Information Security Policy

Maintain a policy that addresses information security for employees and contractors. Restrict access to cardholder data by business need-to-know.

Compliance with PCI DSS is validated annually. Non-compliance can result in severe consequences, including fines, increased transaction fees, and potential loss of the ability to process credit card transactions.

By adhering to PCI DSS standards, organizations can protect sensitive information, reduce the risk of data breaches, and build trust with customers and stakeholders.