PCI-DSS (Payment Card Industry Data Security Standard) is a set of data security standards that are designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. The standards are designed to protect cardholder data, reduce credit card fraud and ensure the security of payment transactions.

PCI-DSS Controls

Build and Maintain a Secure Network and Systems

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  5. Protect all systems against malware and regularly update antivirus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy

  12. Maintain a policy that addresses information security for all